Author: azeeadmin

Meet Detail, a new startup working on an app for iOS and macOS so that you can turn your iPhone into a software-optimized camera for live video. The startup wants to make it easy to use the phone that you have in your pocket with the live-streaming platform that you already use, such as Zoom, Google Meet, Twitch, Hopin or YouTube Live.

Over the past year, if you have had to present something to a large audience over a live stream, chances are you’ve faced a few challenges. First, as Joanna Stern of the Wall Street Journal demonstrated, laptop webcams suck. There’s no way you’re going to look good with your computer.

Second, if you’re willing to invest some money, you can buy a ring light, a dedicated camera, a good microphone, etc. The issue is that it’s expensive. More importantly, it’s been really hard to buy some of this stuff as many remote workers have been looking for those devices.

Third, you might be good at teaching something, but not good at video production. Those are different skills and somehow people are telling you that you should know everything about white balance, anti-flickering and more.

As for Detail, the company wants to make it as easy as possible to go from zero to live stream. The best camera that you have is most likely the one in your pocket, right there on the back of your smartphone. For the past few years, computational photography has led to tremendous improvements when it comes to taking photos with your phone. But there’s still some work to do on the live-streaming front.

Detail founder Paul Veugen rightly points out that hosting a live video has become a commodity. But everything that happens before you send the video feed over the internet could be improved.

At first Detail is going to be an iPhone and Mac app that work hand in hand like Camo and EpocCam. There are going to be some easy-to-use settings to tweak color grades, add filters, etc. It’s going to be a more opinionated take on the smartphone-as-a-webcam movement.

Behind the scenes, the team is composed of some of the people that worked on Human, an app I started covering way back in 2013. Human was a passive fitness tracking app — you could set it up and get insights about how active you had been over the past few days. Essentially, it was like Apple’s activity rings before Apple introduced the Apple Watch. Human was acquired by Mapbox in 2016.

Detail raised a $2 million pre-seed round led by Connect Ventures. Hustle Fund, Alexander Ljung, Anke Huiskes, Arthur Kosten, Elodie & Tony Jamous, Hiten Shah, Janis Krums, Mart Kelder, Micha Hernandez van Leuffen, Othman Laraki, Omri Amir and Sten Tamkivi are also participating in the round.

As you can see, Detail is still in active development and the beta test is going to start soon. But it’s an intriguing app and I’m going to keep an eye on it to see how it pans out.

Capsule‘s plan to launch a super simple decentralized social media platform which is safe from censorship by Big Tech has advanced another stage: The nascent startup has closed a seed round of funding ($1.5M) led by Beacon Fund, a dedicated crypto fund by Polychain Capital — which is itself focused on startups building on Dfinity’s decentralized network for next-gen ‘open’ apps (aka, the Internet Computer).

As we reported in January, the idea for Capsule started with a tweet that almost immediately pulled in a pre-seed raise of $100k. That’s now been topped up with seed financing to get a prototype to market later this month.

Mobile apps are also on the cards and the funding will be used to build out Capsule’s team as well (currently it’s around four people).

Capsule founder Nadim Kobeissi, a cryptography researcher who previously authored the open-source E2E-encrypted desktop chat app Cryptocat, says they’re on track to put out an MVP this month — once they’ve made a few tweaks to the infrastructure.

“The prototype is ready,” he tells TechCrunch. “We’re investigating switching some of the infrastructure from GUN to IPFS [InterPlanetary File System; aka a p2p hypermedia protocol], and improving the user interface. We could launch an MVP now but are choosing to hold off by a few weeks.”

Polychain Capital outted its Beacon Fund last September. The $14.5M investment vehicle is funded by Polychain, Andreessen Horowitz, and the Dfinity Foundation — and aims to support entrepreneurs and teams building on Dfinity’s the Internet Computer (TIC); aka a serverless architecture for natively hosting software and services (which it refers to as the “first blockchain computer that runs at web speed with infinite capacity”).

Kobeissi’s original concept for Capsule, meanwhile, was to create self-hosting microservices. He says that hasn’t changed — but sees potential for TIC to help solve some specific technical issues.

“The Internet Computer will hopefully be helping us build a ‘customized mini-blockchain’ to solve two issues with Capsule: Global authenticated timestamps for posts as well as a root of trust for user’s authentication keys for posts,” he says. “We were looking to solve these issues somehow before this investment and were already considering Dfinity as the potential solution given that it has a programming language that allows for building these ‘custom mini-blockchains’ as we see them.”

“The rest will still be a self-hosting, self-contained, precisely engineered micro-services concept, with IPFS (previously GUN) as a decentralized database/connectivity back-end,” he adds.

Given the intent with TIC is to hosts all sorts of decentralized apps it’s possible — indeed, likely — that a bunch of decentralized social media plays will emerge. Last year, for example, Dfinity launched a proof of concept for an ‘open’ version of the professional social network, LinkedIn — which it punningly called ‘LinkedUp’.

It went on to demo a TikTok clone — and to open TIC up to outside developers last summer. So there could soon be a bunch of apps built atop its network touting social networking services without the meddling hand of Big Tech. Where, then, does Kobeissi see Capsule’s USP — i.e. if/when there’s a sea of decentralized ‘mega-apps’ that can also claim resilience to censorship?

“We think Capsule’s value will lie in its exceptional user experience, quality, performance, ease of use and high quality engineering that draws on advanced technologies such as TIC and IPFS without saddling bloat,” he says. “Others may use the same technology but I think we can do a good job on building something simple that just works and that is a pleasure to use.”

“Ultimately, I think that Capsule will be to Facebook what healthy, vegetarian diets are to a McDonald’s diet,” he adds more generally of his intent for the service. “Capsule may be a social media service but its relationship with its users and developers will be fundamentally different than Big Tech platforms.”

Below are a few screenshots showing current mock-ups of the Capsule interface.

[gallery ids="2122777,2122775,2122776"]

In December, Walmart partnered with TikTok on the first pilot test of a new livestreamed shopping experience in the U.S. on the video platform. That test seemingly performed well, as today Walmart announced it will return to TikTok to host another livestream shopping event, the “Spring Shop-Along: Beauty Edition,” which will feature TikTok creators and influencers in an hour-long livestream.

The retailer didn’t disclose to what extent its first TikTok live shopping event drove sales, but noted that it netted 7x more views that it had anticipated, and was able to grow its TikTok follower base by 25%. These metrics were encouraging enough to send Walmart back to the platform for another go — this time, to promote beauty products instead of apparel, which had been the focus of the holiday livestream.

The new Spring Shop-Along will run this Thursday, March 11 at 9 PM EST on the Walmart TikTok channel. Like the prior holiday event, the new livestream shopping event will see various TikTok creators joining to talk about and demonstrate their favorite items. One participating creator has already been announced: Gabby Morrison (@GabbyMorr) who has over 3.5 million TikTok followers.

Gabby and others will demo their skincare, makeup and hair routines and reveal the Walmart beauty products they’re using during the 60-minute live event. Featured beauty brands will include NYX, Maybelline, The Lip Bar, Bliss, Kim Kimble, and Marc Jacobs fragrances.

Viewers watching the event will be able to get beauty tips as well as shop the products featured directly in the TikTok app by tapping on product “pins.” This will allow them to add items to their cart that they can then check out either during or after the event.

“Brands have found a unique home on TikTok to create content that speaks to the community and inspires engagement, whether it’s participating in trends or discovering new products,” said Blake Chandlee, President of TikTok Global Business Solutions, in a statement about Walmart’s plans.

“With the shoppable livestream experience, it’s exciting to see how the TikTok community loves engaging with their favorite creators and discovering new products. We look forward to continue building innovative ways to power the path from discovery to purchase, and seeing brands like Walmart bring their creativity to users,” Chandlee added.

Walmart had already signaled its interest in leveraging TikTok for e-commerce ahead of the holiday livestream. Notably, it had planned to invest in TikTok when the video app was threatened with a ban under the Trump administration, unless it sold its U.S. operations to an American company. That forced sale, which would have spun out TikTok’s U.S. business to new owners Oracle and Walmart, is shelved for the time being as the Biden administration reviews the agency action under Trump.

Livestreamed shopping is an area of increasing interest and investment in the U.S. The trend has seen a number of startups enter the market, including NTWRK and recently funded Bambuser and Popshop Live, among others. Larger tech companies are also taking part — including not only live shopping, but also with mobile video-based shopping, too.

Google’s R&D project for mobile video shopping Shoploop, for example, was integrated into search. Facebook acquired a video shopping startup Packagd to build out live shopping features, and has heavily invested in video shopping across Facebook and Instagram. Amazon runs live shopping through its QVC-like Amazon Live. Alibaba (AliExpress) JD.com, Pinduoduo, WeChat and TikTok’s Chinese sister app, Douyin, all support mobile video shopping, as well.

Walmart said its plan to partner with TikTok on livestream shopping wasn’t a result of its deal talks, however — it’s been an active brand on TikTok’s platform for well over a year. The retailer even tasked its employees to make TikTok videos, in addition to running its own TikTok channel.

Following this week’s live shopping event, Walmart says it plans to bring more shopping experiences to TikTok in the months to come, by continuing to partner with creators to highlight different products via different formats.

Carbon Engineering is moving ahead with its carbon removal service business, allowing customers to buy the removal of carbon dioxide from the atmosphere using its direct air capture technology.

The launch of the service, and the announcement that Shopify will be the company’s first customer, comes as the company’s most direct competitor, Climeworks, made moves of its own — striking a deal with the Swedish sequestration services company Northern Lights to move forward with its own direct air capture as a service offering.

With the  Shopify agreement, Carbon Engineering has the first paying customer for 10,000 tonnes of permanent carbon removal capacity from a large-scale DAC project. The removal and sequestration will be done by CE’s plant development partner, 1PointFive – the US development company that’s currently engineering CE’s first industrial-scale facility, the company said. That facility is due to be completed in 2024. 

“Early customers for direct air capture (DAC) — especially companies with ambitious climate goals — can have outsized impact today: not only does procuring DAC services enable companies to hit ‘net-zero’ pledges faster, but it helps DAC technology come down the ‘learning curve,’ driving cost reductions and making DAC services more affordable and accessible for a wider customer base in the future,” said Noah Deich, president and founder of the climate focused advocacy group Carbon180. “I’m very excited to see Carbon Engineering announce a way for early corporate leaders — and hopefully a wave of fast followers — to devote more of their climate spend towards DAC.”

Their timeframe puts the Carbon Engineering timetable on roughly even footing with Climeworks for getting to market. Luckily for both firms, given the billions of tons of carbon dioxide emissions that need to be captured and sequestered it’s a market that’s definitely big enough for both of them. 

With its commitment, Shopify becomes the largest publicly-announced purchaser of direct air capture-based carbon removal.

“Carbon Engineering’s mission has always been to deliver a highly scalable and affordable solution for removing carbon dioxide from the atmosphere,” said CE CEO, Steve Oldham, in a statement. “We’re on the brink of large-scale deployment of our technology and the next critical step is accumulating market interest and securing customers. This new service allows us to do that. It also makes it easy for companies and governments to include permanent carbon removal in their net-zero plans. We’re thrilled to expand our relationship with Shopify and welcome them as our first carbon removal customer, and we look forward to supporting others so we can collectively make large-scale carbon removal a reality.”

Carbon removal unit purchases will be fulfilled by distributed air capture facilities deployed by 1PointFive, Carbon Engineering’s development partner, which is backed by deep-pocketed investors including Oxy Low Carbon Ventures, LLC, a subsidiary of Occidental, and Rusheen Capital Management.

Carbon Engineering is also working with Pale Blue Dot Energy out of the UK to bring its direct air capture technology across the Atlantic.

“We welcome this news and applaud Shopify on their climate leadership position,” said 1PointFive Chairman Richard Jackson. “Alongside climate experts like the Intergovernmental Panel on Climate Change, we recognize that permanent carbon removal is going to be necessary to achieve our vision of a sustainable low-carbon world. 1PointFive looks forward to bringing large-scale carbon removal capability based on CE’s technology to the market, helping customers worldwide to achieve their climate goals.” 

The world of cybersecurity has seen a huge proliferation of new technology and services over the years. But with the primary focus being on solutions for larger enterprises, it leaves a big gap in the market for small and medium businesses, not least because they are increasingly finding themselves to also be a focus of malicious hackers. Today, a startup called ActZero is coming out of stealth with a set of solutions aimed specifically at SMBs. Along with its public launch, it’s also announcing that it has raised a seed round $40 million to get its business going.

“Our main focus is SMB security,” Sameer Bhalotra, the co-founder and CEO, said in an interview. The way he and the others at ActZero see it, many startups have emerged to target the security issues faced by big government and large enterprises. “But we want to help the small and medium businesses who we feel might need help the most. No one has stitched the products together the way SMBs need them to be.”

That solution is focused around monitoring, managed detection and response, he said, not just to discover but to contain cyber threats, which ActZero powers by way of a comprehensive, cloud-based AI platform. The AI in turn helps automate some of its services, bringing down the pricing and making it all something within the budgetary reach of a typical SMB. ActZero’s smallest customers have a few hundred employees, while the biggest have a headcount of around 3,500.

“We are bringing technology to bear to democratize access,” he said.

The funding is coming from a single investor, Point72 Hyperscale, a VC firm backed by Stephen Cohen, who may be most well known for his track record in private equity. That money was raised, Bhalotra said, “on day one” of ActZero being founded in 2019.

$40 million may sound like a lot for a seed round, especially for a company that had yet to launch a service or acquire a customer. But it’s money that has been put to work already.

Some of the funding was used to acquire IntelliGo, a security startup out of Canada, last year, to give the company a head start on training its AI models with IntelliGo’s data, and also to bring on the startup’s customers to be its first users.

Another reason for the large funding round and strong confidence in what was just a concept at the time is the track record of the startup’s executives.

A previous security company cofounded by Bhalotra, StackRox, was acquired by RedHat, and another, Impermium, where he was a key executive, was acquired by Google where he became a cybersecurity executive. He was also senior director for cybersecurity in the Obama White House, among many other critical roles.

Co-founder Ed Gardner was a longtime security architect and program manager first at Akamai, then Amazon and then Microsoft. ActZero’s COO Chris Finan also spent years at Impermium, Shape Security, and in a number of security roles over many years in Washington.

The work that they and others on the ActZero team put into managing cybersecurity in years past saw their primary focus train on formidable opponents that came in the form of state actors or those financed by large entities intent on stealing state intelligence, intellectual property from major companies, money laundering, and disrupting networks and normal activity for other motives. “Cyberdefense was mostly about big banks and government agencies,” Bhalotra said, speaking with just a little wistfulness in his voice, maybe because it was, relatively speaking, a lot simpler back then.

These are not exactly the same kinds of issues that SMBs have traditionally faced, but times are changing. In more recent years, the evolution of cybercrime has been swift and — ironically — democratized in the process, where not even the smallest companies are totally safe.

And in some ways, the threat is proportionately worse for less well-equipped smaller companies not set up to weather risky financial events. Recent research from the Ponemon Institute and IBM found that the average cost of a breach can reach into the millions of dollars, which can cripple smaller businesses.

You can liken the situation in enterprise security somewhat to the offline world of organized crime, where there are higher levels of groups that are dealing with huge sums of money and engaging in major industries, while there are also lower levels involved in more localized and smaller activities, and even low runs working in petty crime.

A lot of the primary threat for SMBs in recent years has been around ransomware, “and criminal organizations have innovated on their business models and they have now moved beyond ransomware to data extortion,” said Finan. “It’s actually been fascinating to see how vertically integrated these organizations have become. You might have accounts receivable arms, R&D arms.”

Sometimes malicious hackers will attack SMBs as part of their “testing” process, he added. And their arsenal of tools of course now also include artificial intelligence, giving them machine speed to fuel malicious human intent.

Meanwhile, the rise of Covid-19, which has led to so much more business and activity being carried out online, has led to a growing “opportunity” for them, Finan said. “I have been astounded by the level of sophistication, and Covid has accelerated that shift downmarket.”

The problem is that SMBs, even those with thousands of employees, may lack the knowledge, budget or human resources to hire the kinds of security teams they need to have to address all of this.

“I wish that these small businesses were still under the radar because they are not up to the challenge for dealing with these groups,” said Bhalotra. “It’s just not the case any longer that they’re being ignored. We want to democratize cyber defense because hackers target everyone. We see multiple attacks daily, and they vary tremendously.”

There have been tools built to address security for SMBs before, although traditionally the focus has been around antivirus, firewalls and other basics. The key with what ActZero is doing is that it’s conceiving of SMB solutions on par with what is being built for their larger counterparts. It’s a next-generation security approach being taken also by a few others, including BlueVoyant and Skout, both of which have also raised sizeable rounds of funding.

The bet is that ActZero’s team’s track record and knowledge sets them up to be leaders in this area.

“ActZero has developed an elegant solution for addressing the most pressing security concerns of SMBs today with its unified, AI-powered platform,” said Dan Gwak, head of Point72 Hyperscale, in a statement. “ActZero is unique in its appreciation for and realization of a combined people and automation model. We believe that ActZero has the potential to transform how security solutions are delivered to help businesses achieve better security posture more affordably. We’re excited to partner with them on this critical journey.”

SoFi, more formally known as Social Finance, announced today that it has agreed to acquire Golden Pacific Bancorp (GPB) for about $22.3 million.

The dollar amount is not staggering. What is more notable about the acquisition is that it’s giving SoFi a quick route to getting a national bank charter. SoFi, a digital personal finance company, got preliminary approval for a bank charter last October. By acquiring Golden Pacific, the company gets a fast track into that process. Once the transaction closes later this year, GPB will become a subsidiary of the company.

A national bank charter will give SoFi the ability to accept deposits and make loans that use SoFi’s member deposits as opposed to funding its loan offerings as a non-bank, by contracting external underwriters at a premium.

As a result of the proposed acquisition, SoFi said it would switch its current de novo (ie, net new) bank application to a change of control application. GPB currently has about $150 million in assets, but if the OCC and Federal Reserve grants SoFi a national bank charter, the company said it will then put $750 million toward its national, digital business plan. At the same time, it will maintain GPB’s community bank business and footprint, including its current three physical branches. 

SoFi expects the acquisition to close by year’s end. At that time, GPB’s community bank business will operate as a division of SoFi Bank, N.A., a renaming of GPB’s bank entity. 

GPB President and CEO Virginia Varela will continue to lead the GPB community bank business under the direction of Paul Mayer, who will serve as president of SoFi Bank, N.A.

“We believe that by pursuing a national bank charter, we will be able to help even more people get their money right with enhanced value and more products and services,” said SoFi CEO Anthony Noto in a written statement. “We are thrilled to have found a partner in Golden Pacific Bank to both accelerate our pursuit to establish a national bank subsidiary, as well as begin to expand our offerings in SoFi’s financial products and Galileo’s technology platform to serve local communities.”

Noto is referring to SoFi’s 2020 acquisition of Galileo — which provides APIs that allow fintech companies to easily create bank accounts and issue physical and virtual credit cards — for $1.2 billion. 

SoFi expects to file shortly with the Federal Reserve for Bank Holding Company status and, together with GPB, to file an updated business plan with the OCC.

San Francisco-based SoFi is the latest in a string of fintechs that are either becoming banks, or launching bank arms.

Last week, TechCrunch reported that Square’s industrial bank, Square Financial Services, had begun operations. Square Financial Services completed the charter approval process with the FDIC and Utah Department of Financial Institutions, meaning it was ready for business as of last week.

And in February, we reported that Brex — a fast-growing company that sells a credit card tailored for startups — had applied for a bank charter. 

Many companies have turned to self-serve sales, which may encourage people to try freemium or open source versions of a product. Some percentage of these users may turn into paying customers, and in the best case will act as leaders to bring a product into their organization.

Calixa, an early stage startup believes that this type of sale, known as a bottom up sales motion, requires a new kind of tool to manage the process, and today it announced a $4.25 million seed round.

Kleiner Perkins led the round with help from Operator Collective, Liquid 2 Ventures and a bunch of individual investors. The round closed in February 2020, but is only being announced today.

Calixa co-founder and CEO Thomas Schiavone says the roots of the company began when he was working at Twilio in 2010, and saw how powerful it was for developers to purchase tooling themselves. And an idea began to form that CRM tools like Salesforce weren’t built to deal with this kind of sales motion.

“What I realized [at Twilio] was that developers were just signing up more and more every day, and that if you really wanted to stay on top of what was going on and try to effectively grow and retain those accounts, you weren’t looking in Salesforce,” Schiavone told me.

He said that he decided to start Calixa in 2019 to solve this problem once and for all. While this kind of user-driven, bottom up sale has been in place at software companies for years, he still saw a dearth of tools for dealing with its unique qualities in one place.

“We saw a great opportunity to build something that democratizes […] running a bottom up company by not only giving all customer facing teams the ability to see what’s going on with customers, but also take action,” he said.

This ability to manage the process and maybe extend a trial, issue a credit or even reset a password while letting these teams see and understand the underlying customer data was what set it apart from traditional CRMs.

“The central thesis here is that Salesforce and other CRMs, don’t have that data. They’re too divorced or too much in this rigid world of the typical sales model, and you need something different to be an effective company,” he said.

To use the product, you simply sign up and then link the various accounts the product needs to compile the data it needs. It uses various API connectors to make this happen, and all it requires is that you enter your user name and password to access the accounts and begins pulling together the data.

Bucky Moore, a partner at lead investor Kleiner Perkins says that the pandemic has accelerated the move to a bottom up approach as in person sales models have been impossible. “Core to the success of this strategy is a data-driven understanding of each customer and user. By democratizing this capability to companies of all sizes, Calixa’s opportunity is to become the de-facto customer operations platform for the modern software business,” Moore said.

Schiavone reports the company has 7 employees spread across the U.S., Canada and Columbia. He says that as he hires, he will have offices in cities close to his clusters of employees, but he sees a hybrid approach where employees can decide just how much they want to be in the office.

The company spent last year building the product and working with 21 beta customers. The product will be generally available starting today.

Building a strong board for your startup is key. It’s important to have folks on your board who have both the founder’s and the company’s best interests in mind, and are able to help the company navigate the many stages of a startup’s lifecycle.

At TechCrunch’s Early Stage event on April 1 – 2, Generation Investment Management Partner Dave Easton will talk about board composition, what it takes to make a great board and board governance as a startup scales.

At GIM, Easton has invested in startups like Asana, Andela, Gusto, DocuSign, Toast and others. Meanwhile, he serves on the boards of solar company M-KOPA and has previously served on the boards of Jumia Group and Narayana Health up until their respective initial public offerings.

Easton’s workshop is just one part of a two-day event exploring the many aspects of early-stage startups – check out the entire agenda line up here!  Be sure to grab your ticket to TC Early Stage — Operations and Fundraising on April 1-2 and save $100 or more when you get the dual-event ticket for both the April and July events.

Buckle up, startup and tech fans. Save the date and get ready to rub virtual elbows with mobility’s best and brightest minds — the movers, shakers and policy makers that are shaping the future of transportation.

TC Sessions: Mobility returns for its third year on June 9, 2021. Can you say mobility three-peat? Yes, you can!

We’re excited to host another day dedicated to the people — and the technology they’re developing — that’s changing transportation. TC Sessions: Mobility 2021 goes beyond hunting for the next unicorn or showcasing the gee-whiz distraction of the moment. We’ll explore the latest trends, discuss regulatory, technical and ethical challenges and look at the costs and long-term effects on towns and cities.

Pro tip: Early bird pricing is now in play on all pass levels and June will be here before you know it. Keep your hard-earned money in your pocket. Buy your passes now and save 35% before the prices increase.

We’re building out the day’s agenda, and we’ll pack it with presentations, interviews and Q&As with founders, investors and inventors. Enjoy breakout sessions, dozens of exhibiting startups and plenty of time to network and recruit — with attendees from around the world.

Take a look at some of the mobility mavens and transportation titans who joined us on the virtual stage at last year’s event to get a sense of the quality programming you should expect on June 9.

• JB Straubel, co-founder, CEO of Redwood Materials, co-founder and former Tesla CTO
• Tekedra Mawakana, COO, Waymo
• Matthew Johnson-Roberson, co-founder, Refraction AI
• Nancy Sun, co-founder and chief engineer, Ike
• Shin-pei Tsay, director of policy, cities and transportation, Uber
• Peter Rawlinson, CTO and CEO, Lucid Motors
• Margaret Stewart Nagle, head of policy and government affairs, Wing
• Paul Ajegba, director, Michigan Department of Transportation
• Celina Mikolajczak, vice president, battery technology, Panasonic Energy of North America, Panasonic
• Reilly Brennan, founding general partner, Trucks Venture Capital

Will you benefit from attending TC Sessions: Mobility 2021? Take it from Rachael Wilcox, creative producer at Volvo Cars, who completed a TechCrunch hat trick in 2020 by attending Disrupt, TC Sessions: Robotics/AI and TC Sessions: Mobility.

“Going to TechCrunch events, whether it’s Disrupt or TC Sessions, helps me stay ahead of emerging trends, technologies and startups that affect the future of mobility.”

TC Sessions: Mobility 2021 takes place on June 9, 2021. Learn from and engage with the industry’s mightiest minds, makers, innovators and investors. Buy your early bird pass, connect with your world-wide community and help build a new age of transportation.

Is your company interested in sponsoring or exhibiting at TC Sessions: Mobility 2021? Contact our sponsorship sales team by filling out this form.

A security vulnerability in a popular iPhone call recording app exposed thousands of users’ recorded conversations.

The flaw was discovered by Anand Prakash, a security researcher and founder of PingSafe AI, who found that the aptly named Call Recorder app allowed anyone to access the call recordings from other users — by knowing their phone number.

But using a readily available proxy tool like Burp Suite, Prakash could view and modify the network traffic going in and out of the app. That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recordings on his phone.

TechCrunch verified Prakash’s findings using a spare phone with a dedicated account.

The app stores its user’s call recordings on a cloud storage bucket hosted on Amazon Web Services. Although the public was open and lists the files inside, the files could not be accessed or downloaded. The bucket was closed by press time.

At the time of writing, the cloud storage bucket had more than 130,000 audio recordings, amounting to some 300 gigabytes. The app says it has more than 1 million downloads to date.

TechCrunch contacted the app developer and held this story until the flaw was fixed. A new version of the app was submitted to Apple’s app store on Saturday. The release notes said the app update was to “patch a security report.”

Despite a brief response to our initial email acknowledging the security issue, the app developer Arun Nair has not returned several requests for comment.

---

Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using SecureDrop.