User blogs

Kosta Eleftheriou, a co-founder of the Fleksy keyboard app later sold to Pinterest in an acqui-hire deal, has been calling attention to Apple App Store issues like fake reviews, ratings and subscription scams, as well as malicious clone apps, after his own app, FlickType, was targeted by scammers. Now, the developer is taking the next step in his App Store crusade: he’s filing a lawsuit against Apple.

The suit, which the developer claims was filed Wednesday in California Superior Court in Santa Clara county, alleges that Apple enticed developers to build applications for its App Store — the only place iOS applications can be legally sold — by claiming it’s a safe and trustworthy place, but doesn’t protect legitimate app developers against scammers profiting from their hard work.

What’s more, the suit says, Apple is disincentivized to do so because scammers are generating revenue for Apple via their use of subscriptions, which involve a revenue share with Apple.

Eleftheriou has been personally impacted by App Store scammers. He left a well-paying job at Pinterest to develop his FlickType app, an alternative swipe keyboard for Apple Watch. After its launch, the app targeted by copycat app makers who claim their apps offer the same feature set as FlickType does, but instead lock users into high priced subscriptions for their poorly designed software. They also flood their apps with fake ratings and reviews to make them appear to be a much better option when users are looking for an app in this space.

Meanwhile, FlickType sports a 3.5-star rating, as it’s often dinged for Apple Watch platform issues that are outside the developer’s control or missing features users want to call attention to. Eleftheriou engages with his app’s users, however — responding to complaints and letting users know when features they’ve requested were added or bugs have been fixed. Scammers simply buy enough 5-star reviews to keep their apps’ overall ratings higher.

In other words, Eleftheriou is doing the hard work of being an App Store developer carving out a category for swipe keyboards for the Watch, but his potential income is being shifted over to scam apps who have a falsified App Store presence.

In years past, Apple took issues of app quality seriously. It worked to clean up shady subscription apps and remove clones and spam from the App Store through regular sweeps. It even once went so far as to ban apps built using templates in an effort to raise the bar on app quality, which angered small businesses who didn’t have the resources or funds to build more professional apps. (Apple later revised its policy to be more equitable.)

But the new lawsuit alleges that Apple is now doing little to police scammers’ apps because it profits from developer misconduct. Eleftheriou also notes he has raised these issues to Apple via his company KPAW, LLC, but Apple did “next to nothing” to resolve the problem.

Eleftheriou’s story is even more complicated, though, because his app was rejected from the App Store numerous times after meeting with Apple special projects manager Randy Marsden over a possible acquisition. He tells TechCrunch numbers were discussed with Apple and his meetings had included a Director and a VP, among others. Apple was considering turning FlickType into an Apple Watch feature, the lawsuit notes.

Shortly thereafter, FlickType was pulled from the App Store over App Store Review Guidelines violations, even as a competitor’s app was approved. Eleftheriou appealed for his app through Developer Relations but was given no guidance on how to prevent the same problem in the future, he said.

Over the months that followed, FlickType continued to face rejections from App Store Review. Apple’s App Store Review said that the app offered a “poor user experience,” even though tech journalists at numerous outlets had praised it, and Apple had once considering buying it. App Review also told the developer that “full keyboard apps are not appropriate for Apple Watch,” while it continued to allow competitors to publish their own keyboard apps.

Apple’s App Review team also allowed third-party apps that were running FlickType’s integratable version of the keyboard to be approved without issues. These included Watch apps like Nano for Reddit, Chirp for Twitter, WatchChat for WhatsApp, and Lens for Instagram.

After Apple approved FlickType in January 2020, the company claims it had already lost over a year of revenue to competitor keyboards that were not constantly being rejected. Nevertheless, FlickType reached the App Store’s Top 10 Paid app list and generated $130,000 in its first month. As a result of its success, it was quickly targeted by scammers who launched watered down, barely usable competitors to the app, cutting into FlickType’s revenue. FlickType’s revenue dropped to just $20,000 per month. The competitors were also using fake ratings to get their app boosted and installed by unsuspecting users.

Eleftheriou’s story was not unique, as it turned out. In recent months, he has been documenting the App Store’s multimillion-dollar scams, including those he was facing as well as others brought to his attention by developers with similar struggles. Apple, in some cases, would take action against the scammers he highlighted on social media. In other cases, it would not. And it would sometimes only take down one of the developer’s scam apps, but allow others under the same developer account to continue to operate.

The new lawsuit aims to hold Apple accountable for the issues Eleftheriou faced by asking Apple to restore his lost revenue and pay out any other damages awarded by the court.

Apple has not responded for a request for comment at this time.

A copy of the lawsuit is below. It is not yet appearing in public record searches for verification purposes. We’ll follow up to confirm when the case appears online and update accordingly.

Kpaw, LLC v. Apple, Inc by TechCrunch on Scribd

SecurityScorecard has been helping companies understand the security risk of its vendors since 2014 by providing each one with a letter grade based on a number of dimensions. Today, the company announced a $180 million Series E.

The round includes new investors Silver Lake Waterman, T. Rowe Price, Kayne Anderson Rudnick, and Fitch Venture along with existing investors Evolution Equity Partners, Accomplice, Riverwood Capital, Intel Capital, NGP Capital, AXA Venture Partners, GV (Google Ventures) and Boldstart Ventures. The company reports it has now raised $290 million.

Company co-founder and CEO Aleksandr Yampolskiy says the company’s mission has not changed since it launched. “The idea that we started the company was a realization that when I was CISO and CTO I had no metrics at my disposal. I invested in all kinds of solutions where I was completely in the dark about how I’m doing compared to the industry and how my vendors and suppliers were doing compared to me,” Yampolskiy told me.

He and his co-founder COO Sam Kassoumeh likened this to a banker looking at a mortgage application and having no credit score to check. The company changed that by starting a system of scoring the security posture of different companies and giving them a letter grade of A-F just like at school.

Today, it has ratings on more than 2 million companies worldwide, giving companies a way to understand how secure their vendors are. Yampolskiy says that his company’s solution can rate a new company not in the data set in just five minutes. Every company can see its own scorecard for free along with advice on how to improve that score.

He notes that in fact, the disastrous SolarWinds hack was entirely predictable based on SecurityScorecard’s rating system. “SolarWinds’ score has been lagging below the industry average for quite a long time, so we weren’t really particularly surprised about them,” he said.

The industry average is around 85 or a solid B in the letter grade system, whereas SolarWinds was sitting at 70 or a C for quite some time, indicating its security posture was suspect, he reports.

While Yampolskiy didn’t want to discuss valuation or revenue or even growth numbers, he did say the company has 17,000 customers worldwide including 7 of the 10 top pharmaceutical companies in the world.

The company has reached a point where this could be the last private fundraise it does before going public, but Yampolskiy kept his cards close on timing, saying it could happen some time in the next couple of years.

Saleor, a Poland and U.S.-based startup that offers a “headless” e-commerce platform to make it easier for developers to build better online shopping experiences, has raised $2.5 million in seed funding.

The round is led by Berlin’s Cherry Ventures, with participation from various angels. They include Guillermo Rauch (Vercel CEO and inventor of Next.js), Chris Schagen (former CMO of Contentful) and Kevin Mahaffey (co-founder of Lookout).

Saleor says the injection of capital will be invested in further developing Saleor‘s headless e-commerce platform, including a soon-to-launch cloud product and GraphQL API for front-end engineers.

Founded in 2020 but with a history going back to 2013, years before founders Mirek Mencel and Patryk Zawadzki spun out the product separate from their agency, Saleor is described as an “API-first” e-commerce platform that takes a “headless” approach. The idea is that the platform does the back-end heavy lifting so that developers can focus on the front end where most of the value is created for users.

“Saleor was born of necessity when our agency work at Mirumee Software required more modular, flexible and scalable e-commerce software,” Saleor co-founder Mirek Mencel recalls. “Most solutions for bigger brands came with proprietary baggage like vendor lock-in, slow adoption of new technologies and commercial certification programs. On the open-source side, we didn’t enjoy Magento’s developer experience and felt alternatives weren’t viable at scale”.

And so Saleor was conceived as an open-source platform focused on “technical excellence and quality” that could deliver greater scalability and extensibility than existing proprietary software. By 2016, the product had grown from something Mencel and Zawadzki’s agency used internally into a platform used by developers around the world.

“We could have stopped there, but saw brands pressing for more revolutionary front-end experiences,” Mencel says. “Decoupling Saleor’s core from its presentation layer was the obvious path to revolutionary front-ends. As difficult as it was, we tore down what was a rather good open-source e-commerce platform and rebuilt it API-first”.

Beyond their early headless conviction, the pair also came to the realisation that GraphQL delivered “more power, precision and developer happiness” than REST. Reasoning that most developers prefer “a few things done superbly to many things done well,” they committed exclusively to Saleor’s GraphQL API. “We have never looked back,” says Mencel.

In 2018, the original six-person team shipped Saleor 2.0. Now with a headcount of 20, Mencel says Saleor has a simple vision of developer-first commerce: open-source, GraphQL and “fair-priced” cloud — a vision that Cherry Ventures has clearly bought into.

“We are currently witnessing a paradigm shift with developers switching to headless commerce solutions, allowing more flexible, differentiated shopping experiences,” says Filip Dames, founding partner of Cherry. “Mirek, Patryk, and their team are at the forefront of this development and will enable innovative merchants to build state-of-the-art shopping experiences that scale across all consumer touch points and devices”.

“We decided to pursue venture backing as a way to increase the Saleor core team size and accelerate buildout of Saleor Cloud, which we’ll launch this year,” adds Mencel.

Cubyn, the Paris-based logistics startup that lets e-merchants outsource fulfilment and delivery logistics, has raised another €35 million in funding.

The round is led by Eurazeo and Bpifrance Large Venture, with participation from First Bridge Ventures and Fuse Venture Partners. Existing backers DN Capital, 360 Capital, Bpifrance Smart Cities fund and BNP Paribas Développement followed on.

Cubyn says it will use the new funding to double its team of 85 to more than 170 employees by the end of 2021, and deploy its service more internationally. First up is Spain and Portugal (launching next month), followed by Italy, the U.K. and Germany.

Impressively, the company will open a 25,000 square meter “automated” facility in the Paris area in the coming months as it looks to drive down costs and delivery times.

Originally offering pickup and delivery only, 18 months ago, shortly after Cubyn raised €12 million in Series B funding, the company launched “Cubyn Fulfilment,” seeing it enter fulfilment too.

Described at the time as a fully integrated solution that covers the entire fulfilment process, including keeping stock in Cubyn’s warehouses, it set the company up to grow off the back of an e-commerce boom, prompted not only by the pandemic most recently but also the continuing D2C and marketplace trend. For example, marketplaces Back Market, Rakuten, Mirakl and Fnac are currently using Cubyn.

Its proprietary technology aims to streamline merchant logistics, “ranging from web apps to advanced optimization through algorithm and warehouse robotics,” says Cubyn. The result is that it claims to be able to operate a fully integrated fulfilment solution at a fraction of the industry standard cost. This has seen the company grow its gross merchandise value (GMV) from €30 million to €250 million in 2020.

“Cubyn is disrupting the traditional e-commerce third party logistics market from the ground up, offering a better, faster and cross-border service at a 30% lower price,” says Cubyn co-founder and CEO Adrien Fernandez-Baca in a statement. “We are also providing merchants with not just additional revenue streams, but with our international roll out, we are now opening up new markets for them, outperforming other options available in terms of cost and delivery speed by far”.

“COVID has accelerated the need for merchants to have a reliable, scalable and tech fulfilment solution,” notes Antoine Izsak at Bpifrance Large Venture fund. “We’re excited to work with Cubyn to scale their business across Europe in the next few months”.

Adds Fernandez-Baca: “Today 85% of our shipments are in France, 15% international. With the funding, the ratio is predicted to change to 50-50”.

Years ago, Serge Salager, a Vancouver-based entrepreneur who’d taken a small company public on the Toronto Stock Exchange, was approached by deep-pocketed buyer who was interested in buying the business. Flattered but also nervous about who else the potential acquirer was talking with, Salager found himself scouring the web obsessively for news about other possible takeover targets, from changes to their pricing and features to job offers.

Salager was right to be paranoid. The buyer acquired a rival company. On the bright side, Salager had a new business idea — to create a much better service than existed at the time to track altered information across the web.

Enter Visualping, a now six-year-old, 16-person freemium service that monitors the entire internet for changes and has amassed 1.5 million users, an undisclosed percentage of which pay the company a monthly subscription fee based on how many web pages and keywords they are following. (Two searches per day are free; 660 per day will set users back $100 per month.)

Journalists like the service as it helps them keep tabs on the people and companies they cover. Law firms use it to stay on top of changing regulations, along with other information. Employees of Apple use it to keep track of what is being said about the company and where.

The use cases are almost endless, which works in Visualping’s favor, as does its apparent ease of use. Users simply provide the company with a screenshot of a page or the part of the page they want to keep tabs on, along with any keywords, and Visualping then informs them via email as soon as a site has been altered or a keyword has appeared somewhere.

Visualping — which has a browser extension and says a mobile app is coming this summer — has also benefited from the pandemic. Indeed, in lieu of endlessly refreshing the sites of companies like Rite Aid and CVS, more people are learning to use Visualping to keep tabs on the availability of  COVID-19 vaccinations, thanks to mentions of the startup in recent months in the WSJ, CNBC, and Fox News.

In the meantime, like other data companies, Visualping is getting smarter all the time by applying machine learning to the information it’s generating on behalf of its users, insists Salager. It won’t, for example, alert someone when the banner ads on a page have changed, or if a customer is tracking a major price change, Visualping can hold off on sending that person an alert until that price change meets a certain threshold.

Of course, with data comes privacy concerns, and on this front, Salager insists that Visualping is fully compliant with GDPR, the EU law on data protection and privacy.

He adds that the company may some day serve up targeted ads to its customers based on their search preferences, as does Google, but he says that for now, Visualping is instead focused wholly on building up new enterprise products, given that more companies have begun discovering it. That’s the vision that investors are funding, too, Salager says, sharing publicly for the first time that Visualping closed on $2 million in seed funding in December from Mistral Ventures, a Canadian fund, and N49P, and AngelList syndicate.

It’s not a ton of capital, he notes, but with the revenue that Visualping is generating, it’s enough to get the startup through the next two years, he says. And after that? We ask Salager if he sees a tie-up down the road and whether he’d be open to acquisition talks, given what happened with his last company.

He does and he is, he answered candidly. While one scenario sees Visualping becoming “publicly traded like Dropbox,” he says (Dropbox also catered to consumers before later growing its business offerings), another “good fit is Google,” he adds. “We believe we fit very well with Google Alerts, so maybe an exit to Google is something we try to do, too.