“Unhackable” BitFi crypto wallet has been hacked

The BitFi crypto wallet was supposed to be unhackable and none other than famous weirdo John McAfee claimed that the device – essentially an Android-based mini tablet – would withstand any attack. Spoiler alert: it couldn’t.

First, a bit of background. The $120 device launched at the beginning of this month to much fanfare. It consisted of a device that McAfee claimed contained no software or storage and was instead a standalone wallet similar to the Trezor. The website featured a bold claim by McAfee himself, one that would give a normal security researcher pause:

Further, the company offered a bug bounty that seems to be slowly being eroded by outside forces. They asked hackers to pull coins off of a specially prepared $10 wallet, a move that is uncommon in the world of bug bounties. They wrote:

We deposit coins into a Bitfi wallet
If you wish to participate in the bounty program, you will purchase a Bitfi wallet that is preloaded with coins for just an additional $10 (the reason for the charge is because we need to ensure serious inquiries only)
If you successfully extract the coins and empty the wallet, this would be considered a successful hack
You can then keep the coins and Bitfi will make a payment to you of $250,000
Please note that we grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure

Hackers began attacking the device immediately, eventually hacking it to find the passphrase used to move crypto in and out of the the wallet. In a detailed set of Tweets, security researchers Andrew Tierney and Alan Woodward began finding holes by attacking the operating system itself. However, this did not match the bounty to the letter, claimed BitFi, even though they did not actually ship any bounty-ready devices.

Then, to add insult injury, the company earned a Pwnies award at security conference Defcon. The award was given for worst vendor response. As hackers began dismantling the device, BitFi went on the defensive, consistently claiming that their device was secure. And the hackers had a field day. One hacker, 15-year-old Saleem Rashid, was able to play Doom on the device.

The hacks kept coming. McAfee, for his part, kept refusing to accept the hacks as genuine.

Unfortunately, the latest hack may have just fulfilled all of BitFi’s requirements. Rashid and Tierney have been able to pull cash out of the wallet by hacking the passphrase, a primary requirement for the bounty. “We have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy.” Tierney said. “We believe all conditions have been met.”

The end state of this crypto mess? BitFi did what most hacked crypto companies do: double down on the threats. In a recently deleted Tweet they made it clear that they were not to be messed with:

The researchers, however, may still have the last laugh.

Here’s where to sign up to get Fortnite for Android

Fortnite’s journey to Android has been a complicated one. A few months back, Epic Games promised to bring the wildly popular survival sandbox title to the mobile OS, but only after side stepping the traditional process for doing so. Fittingly, while it now appears to be live for Android, the process of actually getting the game is, well, complicated.

If you want to get started, you’ll need to sign up for a beta of the game. That’s right, while the title has been up and running on any number of other platforms (including its three-day head start on Samsung devices), it’s still in beta on Android. Give Epic your email address, and they’ll send you an invite…”as soon as you can play.”

How soon is that? Well, there appears to be a waiting list at the moment. How long all of this will take is anyone’s guess, though the company says it can take “a few days” for all of it to go through. Since the whole thing is bypassing the Google Play store (much to Google’s chagrin), you’ll need to install the Fortnite Installer APK to install Fortnite the game.

I went through a similar process to get the game on the Note 9. It’s weird and kind of annoying, but when it’s done, it’s done.

Oh, and you’ll want to make sure your phone is compatible. Epic’s got the full list here, which seems to include a pretty broad range, including Pixel devices and handsets from Huawei, LG, Nokia, OnePlus, Xiaomi, ZTE and Razer.

Google will lose $50 million or more in 2018 from Fortnite bypassing the Play Store

When Fortnite Battle Royale launched on Android, it made an unusual choice: it bypassed Google Play in favor of offering the game directly from Epic Games’ own website. Most apps and games don’t have the luxury of making this choice – the built-in distribution Google Play offers is critical to their business. But Epic Games believes its game is popular enough and has a strong enough draw to bring players to its website for the Android download instead. In the process, it’s costing Google around $50 million this year in platform fees, according to a new report.

As of its Android launch date, Fortnite had grossed over $180 million on iOS devices, where it had been exclusively available since launching as an invite-only beta on March 15th, before later expanding to all App Store customers.

According to data from app store intelligence firm Sensor Tower, the game has earned Apple more than $54 million thanks to its 30 percent cut of all the in-app spending that takes place on apps distributed in its store.

That’s money Epic Games isn’t apparently willing to give up to Google, when there’s another way.

Unlike Apple, which only allows apps to be downloaded from its own storefront, Google’s platform is more open. There’s a way to adjust an Android device’s settings to download apps and games from anywhere on the web. Of course, by doing so, users are exposed to more security risks, malware infections, and other malicious attacks.

For those reasons, security researchers are saying that Epic Games’ decision sets a dangerous precedent by encouraging people to remove the default security protections from their devices. They’re also concerned that users who look for the game on Google Play could be fooled into downloading suspicious copycat apps that may be trying to take advantage of Fortnite’s absence to scam mobile users.

Google seems to be worried about that, too.

For the first time ever, the company is informing Google Play users that a game is not available for download.

Now, when users search for things like “Fortnite” or “Fortnite Battle Royale,” Google Play will respond that the app is “not available on Google Play.” (One has to wonder if Google’s misspelling of “Royale” as “Royal” in its message was a little eff u to the gamemakers, or just a bit of incompetence.)

In any event, it’s an unusual response on Google’s part – and one it can believably claim was done to serve users as well as protect them from any potential scam apps.

However, the message could lead to some pressure on Epic Games, too. It could encourage consumer complaints from those who want to more easily (or more safely) download the game, as well as from those who don’t understand there’s an alternative method or are confused about how that method works.

In addition, Google is serving up the also hugely popular PUBG Mobile at the top of Fortnite search results followed by other games. In doing so, it’s sending users to another game that can easily eat up users’ time and attention.

For Google, the move by Epic Games is likely troubling, as it could prompt other large games to do the same. While one odd move by Epic Games won’t be a make or break situation for Google Play revenue (which always lags iOS), if it became the norm, Google’s losses could climb.

At present, Google is missing out on millions that will now go directly to the game publisher itself.

Over the rest of 2018, Sensor Tower believes Fortnite will have gained at least $50 million in revenues that would otherwise have been paid out to Google.

The firm expects that when Fortnite rolls out to all supported Android devices, its launch revenue on the platform will closely resemble the first several months of Apple App Store player spending.

It may even surpass it, given the game’s popularity continues growing and the standalone download allows it to reach players in countries where Google Play isn’t available.

Meanwhile, there have been concerns that the download makes it more difficult on users with older Android devices to access the game, because the process for sideloading apps isn’t as straightforward. But Sensor Tower says this will not have a large enough impact to affect Fortnite’s revenue potential in the long run.

Google isn’t sure how to spell ‘Fortnite Battle Royale’

The launch of Fortnite Battle Royale has left Google in a slight predicament. While Google is in no way hard up for cash, Fortnite Battle Royale for Android certainly represented the potential for a relatively big revenue stream for an app. That is, until Epic Games decided it would launch Fortnite for Android from its own website, circumventing the Play Store.

But revenue aside, there’s also the matter of Google probably not liking the idea of huge titles circumventing the Play Store as a precedent. Plus, the lack of Fortnite Battle Royale within the Play Store poses a slight security risk to users, as there are quite a few V-bucks scams and malicious clones looking to capitalize on the popularity of Fortnite.

That’s why the Google Play store now displays a message to users in response to searches for “Fortnite,” “Fortnite Battle Royale” and other similar search queries.

“Fortnite Battle Royal by Epic Games, Inc is not available on Google Play,” reads the message.

That’s right. Google misspelled the “Royale” in Battle Royale. It was likely an honest mistake, but given the fact that Epic Games is making upwards of $300 million in revenue a month, which Google is not getting a cut of, it makes for some fun back-and-forth for us spectators.

Google lists PUBG Mobile, Fortnite’s biggest competitor, at the top of all Fortnite Battle Royale queries, but doesn’t include anything in its message around how to actually find the real Fortnite Battle Royale for Android .

While Google Play’s app review process should catch the vast majority of malicious clones, the message is at least moderately helpful for folks hearing about the Android version of Battle Royale without knowing the details around Epic’s launcher.

For what it’s worth, Fortnite for Android isn’t yet available to everyone. The game launched yesterday as a Samsung exclusive for folks with a Galaxy S 7 or higher, and will become available to all Android phone owners on August 12.

[via 9to5Google]

Fossil announces new update Android Wear watches with HR tracking, GPS

Fossil’s Q watch line is an interesting foray by a traditional fashion watchmaker into the wearable world. Their latest additions to the line, the Fossil Q Venture HR and Fossil Q Explorist HR, add a great deal of Android Wear functionality to a watch that is reminiscent of Fossil’s earlier, simpler watches. In other words, these are some nice, low-cost smartwatches for the fitness fan.

The original Q watches included a clever hybrid model with analog face and step counter. As the company expanded into wearables, however, they went Android Wear route and created a number of lower-powered touchscreen watches. Now, thanks to a new chipset, Fossil is able to add a great deal more functionality in a nice package. The Venture and the Explorist adds untethered GPS, NFC, heart rate, and 24 hour battery life. It also includes an altimeter and gyroscope sensor.

The new watches start at $255 and run the Qualcomm Snapdragon Wear 2100 chip, an optimized chipset for fitness watches.

The watch comes in multiple styles and with multiple bands and features 36 different faces including health and fitness-focused faces for the physically ambitious. The watch also allows you to pay with Google Pay – Apple Pay isn’t supported – and you can store content on the watch for runs or walks. It also tracks swims and is waterproof. The Venture and Explorist are 40mm and 45mm respectively and the straps are interchangeable. While they’re no $10,000 Swiss masterpiece, these things look – and work – pretty good.

Gmail for iOS and Android now lets you turn off conversation view

When Gmail launched with its threaded conversation view feature as the default and only option, some people sure didn’t like it and Google quickly allowed users to turn it off. On mobile, though, you were stuck with it. But here’s some good news for you conversation view haters: you can now turn it off on mobile, too.

The ability to turn off conversation view is now rolling out to all Gmail app users on iOS and Android . So if you want Gmail to simply show you all emails as they arrive, without grouping them to”make them easier to digest and follow,” you’re now free to do so.

If you’ve always just left conversation view on by default, maybe now is a good time to see if you like the old-school way of looking at your email better. I personally prefer conversation view since it helps me keep track of conversations (and I get too many emails already), but it’s pretty much a personal preference.

To make the change, simply tap on your account name in the Settings menu and look for the “conversation view” check box. That’s it. Peace restored.

Google plans to roll out digital wellness features in Pie but Apple’s already got ’em

Google hopes to add a few digital wellness features to its latest desserted update, Pie (out today) but Apple is already on this health track with its latest update for iOS 12.

Digital wellness allows users to keep track of time spent on and unplug from your digital device when needed. Google announced the new wellness features coming to Android at I/O in May, including a dashboard for digital wellness, or the ability to track just how much time you spend on your device, an app timer that lets you set time limits on apps, a new Do Not Disturb feature that silences pop-up notifications and Wind Down, a feature to help you switch on Night Light and Do Not Disturb when it’s time to hit the hay.

Apple is also making digital wellness a focus. New features in this space were announced during its WWDC conference earlier this summer and the company has included an updated “Do Not Disturb” feature in the iOS 12 update, also out today.

Several studies have suggested the importance of unplugging and breaking our addictions to our smartphones for our sanity’s sake, and it seems Google would like to help us do just that with these new features. However, the new digital wellness features aren’t quite available in the latest Pie update, out today. We’ve asked Google why not and will update you when and if we hear back on that.

Meanwhile, Apple continues to roll ahead, adding its own controls to help iPhone owners curb their app and screen time usage. Similar to Android’s future offerings, iOS 12 includes a dash with a weekly report on how you spend time on your device. A feature called Downtime helps you schedule time away from your screen (versus just leaving your phone somewhere, seeing a notification and being tempted to pick it up), a feature to set time limits on apps and a way to block inappropriate content from reaching your screen as well.

Apple beats Android in this department for now, but those features will supposedly be made available to everyone with a Google phone eventually. For those wanting to check out the new digital wellness features for Android, you can still do that today, but only if you happen to have a Google Pixel — and only if you’ve signed up for the beta version.

Chinese tech stocks tumble from more than just trade tensions

Editor’s note: This post originally appeared on TechNode, an editorial partner of TechCrunch based in China.

Reports of trade tensions between China and the US in the past few months have been hard to ignore. In early July, the US imposed $34 billion on Chinese goods, prompting the Shenzhen Component Index, dominated by technology and consumer product stocks, to fall to its lowest point since 2014, igniting fears among investors.

“The U.S. tariffs, coupled with a falling yuan, will significantly increase the cost for many Chinese technology companies that rely on imported raw materials, such as semiconductors, integrated circuits, and electric components,” Zhang Xia, an analyst for China Merchants Bank Securities, told the South China Morning Post.

Additionally, the U.S. commerce department announced yesterday it will place an embargo on 44 Chinese companies—including the world’s largest surveillance equipment manufacturer Hikvision—for “acting contrary to the national interests or foreign policy of the United States.” The move caused the companies’ share prices to fall by nearly six percent.

However, the focus has shifted to more than just the trade war. And a number of big Chinese tech companies have seen their share prices plummet for other reasons.

Pinduoduo, China’s latest e-commerce giant to list on the Nasdaq, found that an initial public offering (IPO) is not a panacea. Conversely, its listing has drawn attention to the company’s counterfeit products. And investors are not happy.

Tencent’s shares have nosedived by over 25 percent since its peak in January, erasing $143 billion in market value over the past seven months.

Search giant Baidu also hasn’t been immune. The company’s stock price dropped by nearly 8 percent this week following news that Google plans to re-enter the Chinese market.

Government crackdowns

While IPOs are usually a cause for celebration, Pinduoduo has proven this past week they can also be bad for business. The company—which has integrated e-commerce and social media—caters to low-income consumers living outside first and second-tier cities. It has been plagued by accusations of facilitating the sale of counterfeit low-quality goods.

Just days after going public, its share price tumbled by 16 percent, falling below its offer price of $19. The drop was, in part, initiated by requests made by television maker Skyworth to remove counterfeit listings of its products from the e-commerce firm’s marketplace.

The company announced (in Chinese) this week that it had removed 10.7 million listings of problematic goods. However, this did little to assuage concerns from investors and regulators after the latter launched an inquiry into Pinduoduo’s product listings. Its stock price dropped to 30 percent below its closing price on its first day of trading, wiping out over $9 billion in value.

This is unlikely to be helped by the fact that seven U.S. law firms have launched investigations into the company on behalf of its investors. The statement issued by the firms shows that investors suffered financial losses after Chinese regulators began looking into the company’s dealings. The company met today with regulators and agreed to improve its products’ vetting procedures.

However, it’s not only e-commerce platforms that have been affected. Video streaming service Bilibili has seen its stock price drop by almost 21 percent since July 20. The decline comes amid renewed efforts led by the Cyberspace Administration of China (CAC) to crack down on what it deems to be “vulgar” or “inappropriate” content.

The company has subsequently had its app removed from app stores in the country for one month. Nasdaq-listed Bilibili responded by saying it is “in deep self-review and reflection.”

Screenshot of the drop in Bilibili’s stock price. Accessed August 3, 2018

Rumored competition

Baidu, which runs China’s biggest search engine, found that even unconfirmed competition can cause stocks to tumble. In a move which could mark its re-entry into the Chinese market, news broke this week that Google has plans to launch an Android app that could provide filtered results to users in China.

Baidu currently commands nearly 70 percent of China’s search market. Google shut down its search engine in China in 2010 over censorship concerns, giving up access to a vast market. China’s online population now exceeds 770 million, double the entire populace of the U.S. and more than that of Europe.

Baidu’s income is still highly dependant on ad revenue, which increased by 25 percent in the second quarter. Google’s return is clearly seen as a threat, causing Baidu’s stock price to fall from $247.18 on July 31 to $226.83 on August 2. This marks the most significant fall since the company announced the departure of its chief operating officer Lu Qi in May.

Steady decline

Nonetheless, all these losses seem insignificant in comparison to Tencent’s. The company saw its stock price increase by 114 percent in 2017, reaching a record high in January 2018. However, since then, the price has dropped by nearly $130 per share, eviscerating a considerable portion of its market value. In July alone, its stock price fell by 9.9 percent. The company’s devaluation tops Facebook’s $130 billion rout following its earnings call last month.

In April, the company lost over $20 billion in value after South African investment and media firm Naspers — an early and loyal backer — announced it was trimming its stake by two percent. Additionally, Martin Lau, the company’s president, sold one million of his shares in the company. This, added to the Naspers sale and warnings of margin pressure, led to a loss of $51 billion in market value.

“Investors are increasingly pricing in lower expectations for Tencent’s interim results,” Linus Yip, a strategist at First Shanghai Securities in Hong Kong, told Bloomberg.

Yip expects the downward trend to continue, and not just for Tencent. “Overall, tech companies are facing a similar problem. They have been enjoying fast profit growth in the past few years, so it will be difficult for them to maintain similar growth in the future as the competition grows and some segments are saturated,” he said.

MallforAfrica goes global, Kobo360 and Sokowatch raise VC, France explains its $76M fund

B2B e-commerce company Sokowatch closed a $2 million seed investment led by 4DX Ventures. Others to join the round were Village Global, Lynett Capital, Golden Palm Investments, and Outlierz  Ventures.

The Kenya based company aims to shake up the supply chain market for Africa’s informal retailers.

Sokowatch’s platform connects Africa’s informal retail stores directly to local and multi-national suppliers—such as Unilever and Proctor and Gamble—by digitizing orders, delivery, and payments with the aim of reducing costs and increasing profit margins.

“With both manufacturers and the small shops, we’re becoming the connective layer between them, where previously you had multiple layers of middle-men from distributors, sub-distributors, to wholesalers,” Sokowatch founder and CEO Daniel Yu told TechCrunch.

“The cost of sourcing goods right now…we estimate we’re cutting that cost by about 20 percent [for] these shopkeepers,” he said

“There are millions of informal stores across Africa’s cities selling hundreds of billions worth of consumer goods every year,” said Yu.

These stores can use Sokowatch’s app on mobile phones to buy wares directly from large suppliers, arrange for transport, and make payments online. “Ordering on SMS or Android gets you free delivery of products to your store, on average, in about two hours,” said Yu.

Sokowatch generates revenues by earning “a margin on the goods that we’re selling to shopkeepers,” said Yu. On the supplier side, they also benefit from “aggregating demand…and getting bulk deals on the products that we distribute.”

The company recently launched a line of credit product to extend working capital loans to platform clients. With the $2 million round, Sokowatch—which currently operates in Kenya and Tanzania—plans to “expand to new markets in East Africa, as well as pilot additional value add services to the shops,” said Yu.

MallforAfrica and DHL launched MarketPlaceAfrica.com: a global e-commerce site for select African artisans to sell wares to buyers in any of DHL’s 220 delivery countries.

The site will prioritize fashion items — clothing, bags, jewelry, footwear and personal care — and crafts, such as pictures and carvings. MallforAfrica is vetting sellers for MarketPlace Africa online and through the Africa Made Product Standards association (AMPS), to verify made-in-Africa status and merchandise quality.

“We’re starting off in Nigeria and then we’ll open in Kenya, Rwanda and the rest of Africa, utilizing DHL’s massive network,” MallforAfrica CEO Chris Folayan told TechCrunch about where the goods will be sourced. “People all around the world can buy from African artisans online, that’s the goal,” Folayan told TechCrunch.

Current listed designer products include handbags from Chinwe Ezenwa and Tash women’s outfits by Tasha Goodwin.

In addition to DHL for shipping, MarketPlace Africa will utilize MallforAfrica’s e-commerce infrastructure. The startup was founded in 2011 to solve challenges global consumer goods companies face when entering Africa.

French President Emmanuel Macron  href=”https://pctechmag.com/2018/05/french-president-emmanuel-macron-launches-a-usd76m-africa-startup-fund/”>unveiled a $76 million African startup fund at VivaTech 2018 and TechCrunch paid a visit to the French Development Agency (AFD) — who will administer the new fund — to get details on how it will work.

The $76 million (or €65 million) will divvy up into three parts, AFD Digital Task Team Leader Christine Ha told TechCrunch.

“There are €10 million [$11.7 million] for technical assistance to support the African ecosystem… €5 million will be available as interest-free loans to high-potential, pre-seed startups…and…€50 million [$58 million] will be for equity-based investments in series A to C startups,” explained Ha during a meeting in Paris.

The technical assistance will distribute in the form of grants to accelerators, hubs, incubators and coding programs. The pre-seed startup loans will issue in amounts up to $100,000 “as early, early funding to allow entrepreneurs to prototype, launch and experiment,” said Ha.

The $58 million in VC startup funding will be administered through Proparco, a development finance institution — or DFI — partially owned by the AFD. “Proparco will take equity stakes, and will be a limited partner when investing in VC funds,” said Ha.

Startups from all African countries can apply for a piece of the $58 million by contacting any of Proparco’s Africa offices.

The $11.7 million technical assistance and $5.8 million loan portions of France’s new fund will be available starting in 2019. On implementation, AFD is still “reviewing several options…such as relying on local actors through [France’s] Digital Africa platform,” said Ha. President Macron followed up the Africa fund announcement with a trip to Nigeria last month.

Nigerian logistics startup Kobo360 was accepted into Y Combinator’s 2018 class and gained some working capital in the form of $1.2 million in pre-seed funding led by Western Technology Investment.

The startup — with an Uber like app that connects Nigerian truckers to companies with freight needs — will use the funds to pay drivers online immediately after successful hauls.

Kobo360 is also launching the Kobo Wealth Investment Network, or KoboWIN — a crowd-invest, vehicle financing program. Through it, Kobo drivers can finance new trucks through citizen investors and pay them back directly (with interest) over a 60-month period.

On Kobo360’s utility, “We give drivers the demand and technology to power their businesses,” CEO Obi Ozor told TechCrunch. “An average trucker will make $3,500 a month with our app. That’s middle class territory in Nigeria.”

Kobo360 has served 324 businesses, aggregated a fleet of 5480 drivers and moved 37.6 million kilograms of cargo since 2017, per company stats. Top clients include Honeywell, Olam, Unilever, and DHL.

Ozor thinks the startup’s asset-free, digital platform and business model can outpace traditional long-haul 3PL providers in Nigeria by handling more volume at cheaper prices.

“Logistics in Nigeria have been priced based on the assumption drivers are going to run empty on the way back…When we now match freight with return trips, prices crash.”

Kobo360 will expand in Togo, Ghana, Cote D’Ivoire and Senegal.

[PHOTO: BFX.LAGOS] And finally, applications are open for TechCrunch’s Startup Battlefield Africa, to be held in Lagos, Nigeria, December 11. Early-stage African startups have until September 3 to apply here.

More Africa Related Stories @TechCrunch

More Africa Related Stories @TechCrunch

·         CowryWise micro-savings service opens high-yield government bonds to everyday Nigerians


African Tech Around the Net

·         More Than Half of Sub-Saharan Africa to Be Connected to Mobile by 2025, Finds New GSMA Study
·         Ethiopia’s Gebeya acquires Coders4Africa to accelerate its growth
·         Rwanda, Andela partner to launch pan-African tech hub in Kigali
·         Google’s free public Wi-Fi initiative expanded to Africa
·         Accounteer wins 2018 MEST Entrepreneur challenge
·         SafeBoda completes expansion to Kenya, now live in Nairobi
·         Uganda government sued over social media tax

Google Maps’ location sharing will now share your phone’s battery status, too

Early in 2017, Google added a feature to Google Maps that lets you opt to share your location in (near) real time with your close friends and family. Now they’re fleshing out that info with another important little detail: your phone’s remaining battery charge.

It looks like this:

Wondering why anyone might care about the status of your battery?

If you try to ping someone’s location and their phone is dead, there’s not much an app can do. Most location-sharing apps will just sit there and spin while they wait for some sort of response, leaving you to worry about all the reasons their phone might not be responding with a current location. Did they lose signal? Did someone steal their phone?

By clueing you in on whether someone’s phone is just about to die, you’ve at least got a better idea as to what’s going on when the updates go silent.

The folks over at AndroidPolice spotted this in a Google Maps APK teardown back in February, so we knew it was on the way. A few people have mentioned seeing it pop up on their devices since (including variations that only showed when the battery was low), but today it seems to have gone live for a much larger audience.

While the feature is clever, Google isn’t the first to think of it. For example: Zenly, the social map app acquired by Snapchat last year, had a similar feature at launch back in 2016.