Month: June 2019

A security lapse at JCrush, a dating app designed for the Jewish community, left a databases open without a password, exposing sensitive user records and private messages to anyone who knew where to look.

The site’s backend database had around around 200,000 user records, according to security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with TechCrunch and wrote up their findings at vpnMentor.

None of the data was encrypted, the researchers told TechCrunch.

We obtained a sample of the records to verify. From what we saw, the records contained the user’s name, gender, email address, IP address, geolocation as well as their city, state and country, date of birth, their sexual preferences, their religious denomination, and the photos they use on JCrush.

Depending on how the user signed up, the records also show the user’s Facebook ID, which points directly to their Facebook profile. It also includes the access token, which can be used to take over a JCrush user’s account without needing their password.

In some cases, the geolocation data was so accurate it was easy to identify exactly where some users lived — especially in residential neighborhoods.

The database also contained private messages — many were explicit and graphic.

Although the researchers didn’t dig into the data — mindful of the privacy implications — they found records relating to “incognito” accounts, which allow users to pay to browse the site anonymously.

The app’s founder Natasha Nova did not respond to a request for comment. An unnamed spokesperson for JCrush’s parent company Northsight Capital said it was “aware” of the situation and “secured the database immediately when the problem occurred.”

“There have been not been any indications that the data had been accessed by malicious parties or misused in anyway,” said the company. When asked, the company did not say what evidence it had for its claim, but noted that the company plans to notify its users and authorities of the incident.

It’s the latest in a series of data exposure at dating apps, or companies that tout anonymity and privacy.

Last year, a dating app for conservative supporters — Donald Daters — admitted a database leak on its first day of operations. Only about 1,600 users had their information exposed. In May, a popular Chinese dating app for gay and queer women, Rena, which had more than five million users, left its database open and exposed.

Read more:

• Rela, a Chinese lesbian dating app, exposed 5 million user profiles
• At Blind, a security lapse revealed private complaints from Silicon Valley employees
• Donald Daters, a dating app for Trump supporters, leaked its users’ data
• Security lapse exposed private Theta photos
• After breach, Stack Overflow says some user data exposed
• An unsecured SMS spam operation doxxed its owners

NASA is celebrating a key step towards its mission to get people back to the Moon: The first large core rocket stage that will power the new Space Launch System being built by contractor Boeing is now four-fifths assembled. Wait – did I just say four-fifths? So like this stage isn’t even complete?

No, it’s not – but when it comes to building gigantic rocket cores that will propel the Orion crewed spacecraft all the way to the Moon in time for the Artemis program’s target date of 2024, you celebrate when you take any significant step forward.

Also, remember we’re talking about four-fifths of a rocket stage that when complete, will be over 200 feet long including engines and fuel tanks, which NASA helpfully points out is approximately the length of a dozen cars parked back-to-back. It’s the biggest rocket NASA will have built since the Saturn V first stage that helped bring the first human visitors to the Moon, which was quite a bit smaller at around 140 feet long.

Next up, NASA will take delivery of other aspects of the SLS launch system and vehicle, and Boeing will of course work on that remaining fifth of this stage. 2024 may seem like a distant target, but rockets take time, and rockets with people on board rightly take even more.

The foundation of today’s machine learning systems is based on relatively simple operations — but a lot of them. Training these models still takes a lot of time and involves vasts amount of training data. Even when using today’s generation of specialized AI chips, it still often takes days to train a model. Then, that model has to be tested, refined and trained again. So a task that would help accelerate the development of autonomous vehicles, for example, can benefit from chips that can process these operations faster than ever before.

It’s still early days for Luminous. However, Gomez says they already have working silicon. While Gomez wouldn’t disclose when this new chip would be launched, he emphasized that this isn’t some distant fantasy. The company is aiming to ship development kits within the next few years.

Still, Gomez acknowledges the scale of what they’re trying to achieve: to ship a single chip that will replace the robustness of 3,000 boards containing Google’s Tensor processing unit (TPU) AI chips.

The 7-person company plans to use the new round of capital to grow its team, specifically with people who have experience in the semiconductor industry.

Bird won’t stop deploying new mobility vehicles and services. Bird has just unveiled the Bird Cruiser, an electric vehicle that is essentially a blend between a bicycle and a moped. The Bird Cruiser can seat up to two people and, depending on the market, the Cruiser will either be pedal-assist or just have a peg. This marks Bird’s first move outside of the kick scooter space.

Bird Cruiser is designed to be part of the startup’s shared vehicles fleet and its Bird Platform program where it enables entrepreneurs to run their own businesses using Bird’s assets.

Launching this summer in a few markets, Bird Cruiser is equipped with hydraulic disc brakes, a 52-volt battery, which many e-bikes have, and is designed to handle hills.

Since this vehicle falls into the classification of an e-bike or motorized scooter, the Bird Cruiser is regulated at the state level. This type of vehicle is regulated at the state level, so local regulations should not hinder Bird’s deployment. Of course, riders must adhere to city laws around bike lanes and speeds.

“Bird’s introduction of shared e-scooters spurred a global phenomenon and mode shift away from cars,” Bird founder and CEO Travis VanderZanden said in a statement. “To further accelerate progress on our mission to make cities more livable, we are providing additional environmentally friendly micro-mobility alternatives—including Bird Cruiser. Starting this summer, people can move about their city and explore new neighborhoods together, without a car. Designed and engineered in California, Bird Cruiser is an inclusive electric-powered option that is approachable, easy-to-ride and comfortable on rough roads.”

Earlier this year, startup Wheels raised $37 million for its electric bike startup. While they look slightly similar, Wheels can only seat one person and requires pedaling.

This news comes shortly after Bird began selling its electric scooters directly to consumers. Bird also recently started offering a monthly rental option for riders in cities where regulators do not currently allow Bird to operate its shared scooter program.

It’s no secret that Mozilla sees privacy as a differentiating feature for its revitalized Firefox browser. Today, the Firefox team is launching one of its broadest set of releases that aim to keep advertisers and others from following you across the web, while also making it harder for Facebook to track you. In addition, the organization is launching a desktop version of its password manager and some improvements to its Firefox Monitor data breach notification service.

“This past year, we’ve seen tech companies talk a big game about privacy as they’re realizing that, after several global scandals, people feel increasingly vulnerable,” Firefox SVP Dave Camp writes in today’s announcement, explaining the organization’s reasoning for today’s update. “It’s unfortunate that this shift had to happen in order for tech companies to take notice. At Firefox, we’re doing more than that. We believe that in order to truly protect people, we need to establish a new standard that puts people’s privacy first.”

The launch of Enhanced Tracking Protection, which allows you to keep third-party trackers and cookies from following you around the web, doesn’t come as a surprise. Mozilla has been talking about its new anti-tracking measures for a while. Previously, it offered a similar feature, but that was restricted to private windows, which was useful — and probably a good way for Mozilla to test these new capabilities — but far from comprehensive. For new users, Enhanced Tracking Protection will now be on by default, while existing users will either have to enable it manually for now or wait for Mozilla to turn it on for them in the near future.

In the browser, you’ll see these new features in the form of a new set of controls in the settings menu, as well as by clicking on the new shield icon in the URL bar. In its standard setting, which is the default, Enhanced Tracking Protection will block all third-party tracking cookies, based on the Disconnect list. You can also opt for a strict setting, which may break some sites, or opt for your own custom settings, too.

While it’s not directly built into the browser, Mozilla also today launched an updated version of its Facebook container extension that now allows you to also put Facebook share and like buttons into the container and disable them by default. That way, Facebook won’t be able to build a useful a shadow profile of you when you are locked out (or not even a Facebook user).

With today’s announcements, Mozilla is also expanding its Lockbox password manager to the desktop. Until now, Lockbox only existed as a set of mobile apps, but Mozilla launched a Firefox desktop extension, too. It’s also changing the name to Lockwise. It’s a pretty straightforward password manager experience, though, at least for the time being, notably near not as fully features as Dashlane, 1Password, LastPass or similar options.

To round out today’s set of announcements, Mozilla is also launching a new dashboard for Firefox Monitor, its tool that lets you check whether your email addresses popped up in any data breaches and set alerts for any future breaches. Monitor now features a dashboard that lets you see which email addresses you are monitoring and which ones have likely been compromised.

If you’re thinking about starting a technology company, you may want to consider focusing on cybersecurity.

Last week was an incredible M&A whirlwind with four security companies getting acquired over just a three-day period:

• On Tuesday, FireEye bought Verodin, a five-year-old startup that helps measure the effectiveness of your cybersecurity defenses for $250 million.
• On Wednesday, Palo Alto Networks entered the fray, buying not one, but two Israeli security startups. The big prize was container security company Twistlock for $410 million. It also snagged serveless security company PureSec. Reports in Israeli media pegged that deal at between $60 and $70 million.
• If that wasn’t enough for you, private equity firm Insight Partners bought 10-year old threat intelligence company, Recorded Future for $780 million.

That’s more than $1.5 billion changing hands for those of you keeping score at home. If you take a look at the four firms, the one common denominator was that each one was covering a different aspect of cybersecurity. Two were looking at more operational tasks, while the two companies that Palo Alto Networks grabbed were aimed squarely at modern developers using containers and serverless technologies.

How much of an obligation should social media platforms be under to hunt down illegal content?

An influential advisor to Europe’s top court has taken the view that social media platforms like Facebook can be required to seek out and identify posts that are equivalent to content that an EU court has deemed illegal — such as hate speech or defamation — if the comments have been made by the same user.

Platforms can also be ordered to hunt for identical repostings of the illegal content.

But there should not be an obligation for platforms to identify equivalent defamatory comments that have been posted by any user, with the advocate general opining that such a broad requirement would not ensure a fair balance between the fundamental rights concerned — flagging risks to free expression and free access to information.

“An obligation to identify equivalent information originating from any user would not ensure a fair balance between the fundamental rights concerned. On the one hand, seeking and identifying such information would require costly solutions. On the other hand, the implementation of those solutions would lead to censorship, so that freedom of expression and information might well be systematically restricted.”

We covered this referral to the CJEU last year.

It’s an interesting case that blends questions of hate speech moderation and the limits of robust political speech, given that the original 2016 complaint of defamation was made by the former leader of the Austrian Green Party, Eva Glawischnig.

An Austrian court agreed with Glawischnig that hate speech posts made about her on Facebook were defamatory and ordered the company to remove them. Facebook did so, but only in Austria. Glawischnig challenged its partial takedown and in May 2017 a local appeals court ruled that it must remove both the original posts and any verbatim repostings and do so worldwide, not just in Austria. 

Further legal appeals led to the referral to the CJEU which is being asked to determine where the line should be drawn for similarly defamatory postings, and whether takedowns can be applied globally or only locally.

On the global takedowns point, the advocate general believes that existing EU law does not present an absolute blocker to social media platforms being ordered to remove information worldwide.

“Both the question of the extraterritorial effects of an injunction imposing a removal obligation and the question of the territorial scope of such an obligation should be analysed, in particular, by reference to public and private international law,” runs the non-binding opinion.

Another element relates to the requirement under existing EU law that platforms should not be required to carry out general monitoring of information they store — and specifically whether that directive precludes platforms from being ordered to remove “information equivalent to the information characterised as illegal” when they have been made aware of it by the person concerned, third parties or another source. 

On that, the AG takes the view that the EU’s e-Commerce Directive does not prevent platforms from being ordered to take down equivalent illegal content when it’s been flagged to them by others — writing that, in that case, “the removal obligation does not entail general monitoring of information stored”.

Advocate General Maciej Szpunar’s opinion — which can be read in full here — is not the last word on the matter, with the court still to deliberate and issue its final decision (usually within three to six months of an AG opinion). However advisors to the CJEU are influential and tend to predict which way the court will jump.

We’ve reached out to Facebook for comment.

Meet Majelan, a French startup that wants to make podcasts more accessible. Behind the scene, Majelan is the startup created by former Radio France CEO Mathieu Gallet and Arthur Perticoz. The app is launching today on iOS and Android in the coming days.

Given that Gallet was previously at the head of all French public radios, the company has already raised $4.5 million from Idinvest Partners, Jacques Veyrat, Kima Ventures, Fabrice Larue and others.

At a press conference, Gallet said that Majelan isn’t the Netflix of podcasts. “It’s an experience that is 99.99% free. We are a content aggregator, an RSS feed aggregator,” he said.

But it doesn’t mean that the company hasn’t been inspired by Netflix, Spotify, Molotov and other streaming platforms. So let’s unpack what all of this means.

A more personal podcast player

Podcasts are an interesting content format. If you listen to the same host for a while, it feels like you know them and they’ve become your friends. But many podcast players provide a dry experience that feels more like using Google News than interacting with people you listen to.

Majelan gets the basic rights when it comes to podcast players. Pretty much like the Apple Podcasts app, you can search for podcasts, download and listen to episodes. If you like what you’re hearing, you can subscribe to a podcast and get new episodes when they’re released. It’s a true podcast player as you can even paste a podcast URL to add any podcast you want.

But Majelan thinks Apple Podcasts and the iTunes podcast directory are reminiscent of a phone book — Apple Podcasts is by far the leading podcasting app right now. It’s hard to find content and you don’t get any customized recommendations.

In other words, you probably know someone who wants to get into podcasts but doesn’t know where to start.

“The homepage is completely editorialized by the Majelan teams — they create topic-based playlists. They have listened to hours and hours of content and we already have 50 playlists,” Gallet said.

Each playlist is a collection of podcast episodes based on a specific subject — for instance the S01E01 playlist is all about TV series. Some playlists are based on a mood, such as “tropical shower”. The editorial team will regularly update playlists, phase out some of them and add new ones. It works like Spotify playlists made by the Spotify team.

On the search page, Majelan is using a grid view of buttons so that you can find podcasts on your favorite subjects (cooking, soccer, crime stories, philosophy, romance, etc.).

The Majelan team has met with the French TV and radio archive institue INA to learn how to tag a giant library of content. They are now manually tagging thousands of podcasts with hundreds of tags so that you can find the perfect podcast for your.

After you listen to podcasts for a while, you’ll find personalized recommendations in a tab called “For You”. This is an algorithm-driven tab that will soon tell you why Majelan thinks you’ll like a particular podcast.

A premium podcast network

Majelan’s business model is as interesting as the app itself. The company doesn’t show you any banner ad and doesn’t insert audio ads. Instead, you can subscribe to Majelan+ for €4.99 per month, or €1.99 per podcast ($5.57 and $2.22 respectively) — companies can sponsor curated playlists though.

Subscribers don’t get any premium feature, but they can access Majelan+ content. The company doesn’t mix premium content with free content for now. You have to head over to the Majelan+ tab to see premium content and listen to teasers and episodes.

There are 20 premium podcasts at launch. Half of them have been produced and recorded in the Majelan studio, and half of them have been produced with partners. Majelan is distributing those podcasts and sharing revenue with those creators.

Launch partners include INA, Universal Music, Society, Sara Yalda’s conferences and Clique.TV interviews. When it comes to in-house content, there are podcasts for kids, teens and adults.

For instance, Mautpassant(s) features short stories written by Mautpassant and read by famous TV anchors. “Tu deviendras grand” talks about the childhood of historical figures.

It’s all about data

By controlling the player, Majelan is collecting a ton of data about podcasts. For instance, the startup knows when people usually stop listening to a podcast. They can spot some trends and adjust their premium content based on what users want.

On each episode, you can react with various emojis, such as a heart, a thumbs up, a fire emoji, etc. Majelan plans to let podcast creators access this data in the Majelan back end. The company doesn’t want to monetize this data itself.

And this is the challenge with all podcast startups. Apple has been a neutral actor and its podcast directory has been open to anyone. For instance, you can create a podcast player and leverage Apple’s podcast directory for free. But many creators in the podcast community don’t want to see a well-funded private actor ruin everything.

So far, Majelan has had a cautious approach. Sure, you won’t be able to access Majelan+ content from another podcast player. But Majelan isn’t alienating the podcast ecosystem by monetizing free podcasts with audio ads for instance. It’s a fine line, so let’s see if the startup can keep the right balance over time.

Eventually, Majelan thinks audio content isn’t just about podcasts. The company plans to launch audiobooks and play with different formats to make audiobooks more accessible.

Everything has been designed to work in other languages and you can already switch the app to another language. And the startup should launch curated playlists and premium content in other languages soon.

Just as podcasting hits the mainstream in the west, China, which is also experiencing an audio boom, is seeing restrictions tighten around shows as evidenced by new curbs from Apple.

This week, the U.S. tech giant has pulled a handful of Chinese-language podcasts from its Chinese Podcasts store, one of the few remaining channels for people in mainland China to find content immune from scrutiny by the country’s media regulators.

The crackdown seems to be taking an incremental pace so far. Three podcasters, including hosts of NickTalk and Two I.T. Uncles (两个iT大叔), confirmed with TechCrunch on Tuesday that their shows disappeared from Apple’s Chinese Podcasts app this week.

Several other noted shows, including Yitianshijie (一天世界), appear to remain unaffected while others, such as Suijiya (随机鸭), seem to have suffered from a partial blockade. That’s to say that individual episodes appear in search results, but the podcast homepages are inaccessible which makes it impossible for new subscribers to sign up.

In an email reply to Two I.T. Uncles reviewed by TechCrunch, Apple confirmed that the podcast is currently available in “all territories except China,” adding that “only shows from select partners are available in the Chinese Apple Podcasts store.”

Apple did not provide further details as to what it means by “select partners.” TechCrunch has contacted the company for clarification, but we had not heard back at the time of writing.

The removals appear to be ill-timed, coinciding with the thirtieth anniversary of China’s Tiananmen Square crackdown, which falls on June 4th and has already led to tighter control on China’s online discouse.

That’s a big deal for Apple as people have long celebrated its Podcasts app as unhampered by Beijing’s censorship. The IPN, a variety of popular Chinese talk shows on different topics, has repeatedly urged listeners to choose international services like Apple Podcasts, Castro and Overcast over Himalaya FM, Lizhi FM and other local counterparts that are prone to Chinese reins.

Some have foretold the curbs, arguing that this marks Apple’s latest step to fill a regulatory loophole in its Chinese service. Words on the street have it that the American company’s “select partners” might include Himalaya and Lizhi, which not only deliver shows to listeners but also host the content.

Under Chinese laws, they must screen the podcasts before making them public. In other words, if Apple China starts requesting episodes to be kept on these platforms, the content will come under scrutiny by China’s often murky and vague media policies.

The tie-up, however, “could make Apple’s podcast operations more law-abiding in China,” suggested Wang Boyuan, editor at TechCrunch.cn, TechCrunch’s content partner in China.

By contrast, Apple Podcasts serve as directories of podcast RSS feeds, which keep information about where a show is stored and when a new episode has been added, meaning it’s usually more hands-off compared to the hosting services.

“The Apple Podcasts store is like an aggregate search engine,” said Nick Zhang, host of NickTalk. “That’s why my episode about the June 4th [incident] could still play as usual.”

A number of popular English-language podcasts from the west have long been unavailable in the Chinese store, but the latest crackdown seems to have extended the control to overseas Chinese content. Chinese podcasts uploaded from a non-Chinese Apple accounts were also being restricted, according to a Telegram notice posted by the show Renjian Zhinan (人间指南), citing tests it had performed.

This isn’t the first time Apple has placed limits on its Chinese services. In 2017, the firm dropped hundreds of VPNs, tools that help local internet users access overseas sites that are otherwise blocked, from its Chinese App Store to comply with local internet laws. In another major step last year, Apple began storing data of its China-based users locally, making seas of digital footprints accessible to local authority.

As US regulators gear up to launch another antitrust probe of Google’s business, an alternative Android app store is dialling up its long time complaint of anti-competitive behavior against the search and smartphone OS giant.

Portugal-based Aptoide is launching a campaign website to press its case and call for Google to “Play Fair” — accusing Mountain View of squeezing consumer choice by “preventing users from freely choosing their preferred app store”.

Aptoide filed its first EU antitrust complaint against Google all the way back in 2014, joining a bunch of other complainants crying foul over how Google was operating Android.

And while the European Commission did eventually step in, slapping Google with a $5BN penalty for antitrust abuses last summer after a multi-year investigation, rivals continue to complain the Android maker still isn’t playing fair.

In the case of Aptoide, the alternative Android app store says Google has damaged its ability to compete by unjustifiably flagging its app as insecure.

“Since Summer 2018, Google Play Protect flags Aptoide as a harmful app, hiding it in users’ Android devices and requesting them to uninstall it. This results in a potential decrease of unique Aptoide users of 20%. Google Play Protect is Google’s built-in malware protection for Android, but we believe the way it works damages users’ rights,” it writes on the site, where it highlights what it claims are Google’s anti-competitive behaviors, and asks users to report experiences of the app being flagged.

Aptoide says Google has engaged in multiple behaviors that make it harder for it to gain or keep users — thereby undermining its ability to compete with Google’s own Play Store.

“In 2018, we had 222 million yearly active users. Last month (May’19), we had 56 million unique MAU,” co-founder and CEO Paulo Trezentos tells TechCrunch. “We estimate that the Google Play removal and flagging had cause the loss of 15% to 20% of our user base since June’18.”

(The estimate of how many users Aptoide has lost was performed using Google SafetyNet API which he says allows it to query the classification of an app.)

“Fortunately we have been able to compensate that with new users and new partnerships but it is a barrier to a faster growth,” he adds.

“The googleplayfair.com site hopes to bring visibility to this situation and help other start ups that may be under the same circumstances.”

Among the anti-competitive behaviors Aptoide accuses Google of engaging in are flagging and suspending its app from users’ phones — without their permission and “without a valid reason”.

“It hides Aptoide. User cannot see Aptoide icon and cannot launch. Even if they go to ‘settings’ and say they trust Aptoide, Aptoide installations are blocked,” he says. “If it looks violent, it’s because it’s a really aggressive move and impactful.”

Here’s the notification Aptoide users are shown when trying to override Google’s suspension of Aptoide at the package manager level:

Even if an Aptoide user overrides the warning — by clicking ‘keep app (unsafe)’ — Trezentos says the app still won’t work because Google blocks Aptoide from installing apps.

“The user has to go to Play Protect settings (discover it it’s not easy) and turn off Play protect for all apps.”

He argues there is no justification for Aptoide’s alternative app store being treated in this way.

“Aptoide is considered safe both by security researchers [citing a paper by Japanese security researchers] and by Virus Total (a company owned by Google),” says Trezentos, adding: “Google is removing Aptoide from users phone only due to anticompetitive practices. Doesn’t want anyone else as distribution channel in Android.”

On the website Aptoide has launched to raise awareness and inform users and other startups about how Google treats its app, it makes the claim that its store is “proven… 100% secure” — writing:

We would like to be treated in a fair way: Play Protect should not flag Aptoide as a harmful app and should not ask users to uninstall it since it’s proven that it’s 100% secure. Restricting options for users goes against the nature of the Android open source project [ref10]. Moreover, Google’s ongoing abusive behaviour due to it’s dominant position results in the lack of freedom of choice for users and developers.We would like to keep allowing users and developers to discover and distribute apps in the store of their choice. A healthy competitive market and a variety of options are what we all need to keep providing the best products.

Trezentos stands by the “100% secure” claim when we query it.

“We think that we have a safer approach. We call it  ‘security by design’: We don’t consider all apps secure in the same way. Each app has a badge depending on the reputation of the developer: Trusted, Unknown, Warning, Critical,” he says.

“We are almost 100% sure that apps with a trusted badge are safe. But new apps from new developers, [carry] more risk in spite of all the technology we have developed to detect it. They keep the badge ‘unknown‘ until the community vote it as trusted. This can take some weeks, it can take some months.”

“Of course, if our anti-malware systems detect problems, we classify it as ‘critical’ and the users don’t see it at all,” he adds.

Almost 100% secure then. But if Google’s counter claim to justify choking off access to Aptoide is that the app “can download potentially harmful apps” the same can very well be said of its Play Store. And Google certainly isn’t encouraging Android users to pause that.

On the competition front, Aptoide presents a clear challenge to Google’s Android revenues because it offers developers a more attractive revenue split — taking just 19%, rather than the 30% cut Google takes off of Play Store wares. (Aptoide couches the latter as “Google’s abusive conditions”.)

So if Android users can be persuaded to switch from Play to Aptoide, developers stand to gain — and arguably users too, as app costs would be lower.

While, on the flip side, Google faces its 30% cut being circumvented. Or else it could be forced to reduce how much it takes from developers to give them a greater incentive to stock its shelves with great apps.

As with any app store business, Aptoide’s store of course requires scale to function. And it’s exactly that scale which Google’s behavior has negatively impacted since it began flagging the app as insecure a year ago, in June 2018, squeezing the rival’s user-base by up to a fifth, as Aptoide tells it.

Trezentos says Google’s flagging of its app store affects all markets and “continues to this day” — despite a legal ruling in its favor last fall, when a court in Portugal ordered Google to stop removing Aptoide without users’ permission.

“Google is ignoring the injunction result and is disregarding the national court. No company, independently of the size, should be above court decisions. But it seems that is the case with Google,” he says.

“Our legal team believe that the decision applies to 82 countries but we are pursuing first the total compliance with the decision in Portugal. From there, we will seek the extension to other jurisdictions.”

“We tried to contact Google several times, via Google Play Protect feedback form and directly through LinkedIn, and we’ve not had any feedback from Google. No reasons were presented. No explanation, although we are talking about hiding Aptoide in millions of users’ phones,” he adds.

“Our point in court it’s simple: Google is using the control at operating system level to block competitors at the services level (app store, in this case). As Google has a dominant position, that’s not legal. Court [in Portugal] confirmed and order Google to stop. Google didn’t obey.”

Aptoide has not filed an antitrust complaint against Google in the US — focusing its legal efforts on that front on local submissions to the European Commission.

But Trezentos says it’s “willing to cooperate with US authorities and provide factual data that shows that Google has acted with anti-competitive behaviour” (although he says no one has come knocking to request such collaboration yet.)

In Europe, the Commission’s 2018 antitrust decision was focused on Android licensing terms — which led to Google tweaking the terms it offers Android OEMs selling in Europe last fall.

Despite some changes rivals continue to complain that its changes do not go far enough to create a level playing field for competition.

There has also not been any relief for Aptoide from the record breaking antitrust enforcement. On the contrary Google appears to have dug in against this competitive threat.

“The remedies are positive but the scope is very limited to OEM partnerships,” says Trezentos of the EC’s 2018 Android antitrust decision. “We proposed additionally that Google would be obliged to give the same access privileges over the operating system to credible competitors.”

We’ve reached out to the Commission for comment on Aptoide’s complaint.

While it’s at least technically possible for an OEM to offer an Android device in Europe which includes key Google services (like search and maps) but preloads an alternative app store, rather than Google Play, it would be a brave device maker indeed to go against the consumer grain and not give smartphone buyers the mainstream store they expect.

So, as yet, there’s little high level regulatory relief to help Aptoide. And it may take a higher court than a Portuguese national court to force Google to listen.

But with US authorities fast dialling up their scrutiny of Mountain View, Aptoide may find a new audience for its complaint.

“The increased awareness to Google practices is reaching the regulators,” Trezentos agrees, adding: “Those practices harm competition and in the end are bad for developers and mobile users.”

We reached out to Google with questions about its treatment of Aptoide’s rival app store — but at the time of writing the company had not responded with any comment. 

There have also been some recent rumors that Aptoide is in talks to supply its alternative app store for Huawei devices — in light of the US/China trade uncertainties, and the executive order barring US companies from doing business with the Chinese tech giant, which have led to reports that Google intends to withdraw key Android services like Play from the company.

But Trezentos pours cold water on these rumors, suggesting there has been no change of cadence in its discussions with Huawei.