WhatsApp exploit let attackers install government-grade spyware on phones

WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.

The vulnerability (documented here) was discovered by the Facebook-owned WhatsApp in early May, the company confirmed to TechCrunch. It apparently leveraged a bug in the audio call feature of the app to allow the caller to install spyware on the device being called, whether the call was answered or not.

The spyware detected as having been installed was Israel-based NSO Group’s Pegasus, which is usually (ostensibly) licensed to governments looking to infect targets of investigations and gain access to various aspects of their devices.

This is, as you can imagine, an extremely severe security hole, and it is difficult to pin down the window during which it was open, or how many people were affected by it. Without knowing exactly what the exploit was and what data WhatsApp keeps regarding that type of activity, we can only speculate.

The company said that it suspects a relatively small number of users were targeted, since it would be nontrivial to deploy, limiting it to advanced and highly motivated actors.

Once alerted to the issue’s existence, the company said it took less than 10 days to make the required changes to its infrastructure that would render the attack inoperable. After that, an update went out to the client that further secured against the exploit.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

So what about NSO Group? Is this attack their work as well? The company told the Financial Times, which first reported the attack, that it was investigating the issue. But it noted that it is careful not to involve itself with the actual applications of its software — it vets its customers and investigates abuse, it said, but it has nothing to do with how its code is used or against whom.

WhatsApp did not name NSO in its remarks, but its suspicions seem clear:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

Naturally when a security-focused app like WhatsApp finds that a private company has, potentially at least, been secretly selling a known and dangerous exploit of its protocols, there’s a certain amount of enmity. But it’s all part of the 0-day game, an arms race to protect against or breach the latest security measures. WhatsApp notified the Department of Justice and “a number of human rights organisations” of the issue.

You should, as WhatsApp suggests, always keep your apps up to date for situations like this, although in this case the problem was able to be fixed in the backend before clients could be patched.

Announcing TechCrunch Sessions: Enterprise this September in San Francisco

Of the many categories in the tech world, none is more ferociously competitive than enterprise. For decades, SAP, Oracle, Adobe, Microsoft, IBM and Salesforce, to name a few of the giants, have battled to deliver the tools businesses want to become more productive and competitive. That market is closing in on $500 billion in sales per year, which explains why hundreds of new enterprise startups launch every year and dozens are acquired by the big incumbents trying to maintain their edge.

Last year alone, the top ten enterprise acquisitions were worth $87 billion and included IBM’s acquiring Red Hat for $34 billion, SAP paying $8 billion for Qualtrics, Microsoft landing GitHub for $7.5 billion, Salesforce acquiring MuleSoft for $6.5 billion and Adobe grabbing Marketo for $4.75 billion. No startup category has made more VC and founders wildly wealthy, and none has seen more mighty companies rise faster or fall harder. That technology and business thrill ride makes enterprise a category TechCrunch has long wanted to tackle head on.

TC Sessions: Enterprise (Sept. 5 at San Francisco’s Yerba Buena Center) will take on the big challenges and promise facing enterprise companies today. TechCrunch’s editors, notably Frederic Lardinois, Ron Miller, and Connie Loizos, will bring to the stage founders and leaders from established and emerging companies to address rising questions like the promised revolution from machine learning and AI, intelligent marketing automation, and the inevitability of the cloud, as well as the outer reaches of technology, like quantum and blockchain.

We’ll enlist proven enterprise-focused VCs to reveal where they are directing their early, middle and late stage investments. And we’ll ask the most proven serial entrepreneurs to tell us what it really took to build that company, and which company they would like to create next. All throughout the show, TechCrunch’s editors will zero in on emerging enterprise technologies to sort the hype from the reality. Whether you are a founder, an investor, enterprise-minded engineer, or a corporate CTO / CIO, TC Sessions: Enterprise will provide a valuable day of new insights and great networking.

Tickets are now available for purchase on our website at the early-bird rate of $395. Want to bring a group of people from your company? Get an automatic 15% savings when you purchase 4 or more tickets at once. Are you an early stage startup? We have a limited number of Startup Demo Packages available for $2000 which includes 4 tickets to attend the event. Students are invited to apply for a reduced price student ticket at just $245. Additionally, for each ticket purchase for TC Sessions: Enterprise, you will also be registered for a complimentary Expo Only pass to TechCrunch Disrupt SF on October 2-4.

Interested in sponsoring TC Sessions: Enterprise? Fill out this form and a member of our sales team will contact you.

Tech stocks tumble as China retaliates in latest salvo of the trade war

Shares of technology companies were hit hard as China retaliated against the U.S. in the latest salvo of the ongoing trade war between the two countries.

The S&P 500 Index shed roughly $1.1 trillion of value while the Dow Jones Industrial Average and the Nasdaq Composite Index fell 2.38 percent and 3.41 percent, respectively.

On Monday, China responded in equal measure to the U.S. raising tariffs on imports to 25%, by imposing 25% duties on some $60 billion of U.S. exports to the country.

On June 1, Beijing will impose 25% tariffs on more than 5,000 products. Several more exports to the country will see their duties rise to 20%. That’s up from 10% and 5% previously. The highest tariffs seem to be on products designed to cause pain among President Donald Trump’s political base of support — animal products, fruits and vegetables that come from the Midwest.

But tech companies are particularly exposed in the trade war. Indeed, the news sent technology shares spiraling in what venture capitalist (and former TechCrunch co-editor-in-chief) Alexia Bonatsos called the “Tech Red Wedding”.

Rising tariffs will make the tech products from Apple and other American tech companies more expensive to manufacture, which will likely cause hardware manufacturers to raise prices at home, while duties on the finished goods coming to China could make them prohibitively expensive for local buyers in the country.

More expensive consumer products also mean less money to spend on non-essential items, which could mean more frugal behavior from consumers and less spending in the on-demand economy. It could also cause a pull-back in advertising as companies retrench and cut spending in areas that are considered to be non-core.

All of that could leave tech stocks exposed — beyond algorithms just dumping holdings and taking profits in what looks to be a prolonged market downturn.

The trade war, which already took a toll on Uber’s initial public offering, took another bite out of the company’s (short term) stock market performance today.

Uber was far from the only tech stock seeing red. Shares of Amazon were down 3.56 percent, Alphabet was down 2.66 percent, and Apple fell 5.81 percent. Meanwhile Facebook shares fell 3.61 percent; Netflix tumbled over 4 percent on the day.

Things may look up for some tech companies again, but they’re unlikely to receive the kind of bailouts or subsidies that the President is offering to American farmers hit by the economic battle with China. Unless Congress can get stalled negotiations around an infrastructure package back on track (something that seems less and less likely as the 2020 elections start to cast their shadow over the business of governing), there’s little hope for any government assistance that could cushion the blow.

“Our view is this could escalate for at least a matter of weeks, if not months, and it’s really to get the two back to the negotiating table and finish the deal, is probably going to require more pain in the markets…Really the only question is if we need a 5%, 10% or bigger market correction,” Ethan Harris, head of global economics at Bank of America Merrill Lynch, told CNBC.

Uber had an abysmal second day of trading

It’s not looking great for ride-hailing giant Uber (NYSE: UBER). Today, Uber closed its second day of trading down more than 18.8 percent from its IPO price at $37.25 per share with a market cap of $62.2 billion.

Uber, which was previously valued at $72 billion by venture capitalists on the private market, priced its stock at $45 a share for an $82.4 billion valuation last week. On day one, Uber closed at $41.57 a share.

In a memo obtained by CNBC, Uber CEO Dara Khosrowshahi told employees today that, “like all periods of transition, there are ups and downs. Obviously, our stock did not trade as well as we had hoped post-IPO. Today is another tough day in the market, and I expect the same as it relates to our stock.”

Moving forward, Khosrowshahi urged employees to focus on the long-term. He also pointed to the comebacks both Facebook and Amazon made post-IPO.

Lyft has similarly suffered on the public market since its IPO in March. Lyft closed the day at $48.15 with a market cap of $13.8 billion.

Market map: the 200+ innovative startups transforming affordable housing

In this section of my exploration into innovation in inclusive housing, I am digging into the 200+ companies impacting the key phases of developing and managing housing.

Innovations have reduced costs in the most expensive phases of the housing development and management process. I explore innovations in each of these phases, including construction, land, regulatory, financing, and operational costs.

Reducing Construction Costs

This is one of the top three challenges developers face, exacerbated by rising building material costs and labor shortages.

Innovations in inclusive housing

Housing is big money. The industry has trillions under management and hundreds of billions under development.

And investors have noticed the potential. Opendoor raised nearly $1.3 billion to help homeowners buy and sell houses more quickly. Katerra raised $1.2 billion to optimize building development and construction, and Compass raised the same amount to help brokers sell real estate better. Even Amazon and Airbnb have entered the fray with high-profile investments.

Amidst this frenetic growth is the seed of the next wave of innovation in the sector. The housing industry — and its affordability problem — is only likely to balloon. By 2030, 84% of the population of developed countries will live in cities.

Yet innovation in housing lags behind that of other industries. In construction, a major aspect of housing development, players spend less than 1% of their revenues on research and development. Technology companies, like the Amazons of the world, spend nearly 10% on average.

Innovations in older, highly-regulated industries, like housing and real estate, are part of what Steve Case calls the “third wave” of technology. VCs like Case’s Revolution Fund and the SoftBank Vision Fund are investing billions into what they believe is the future.

These innovations are far from silver bullets, especially if they lack involvement from underrepresented communities, avoid policy, and ignore distributive questions about who gets to benefit from more housing.

Yet there are hundreds of interventions reworking housing that cannot be ignored. To help entrepreneurs, investors, and job seekers interested in creating better housing, I mapped these innovations in this package of articles.

To make sense of this broad field, I categorize innovations into two main groups, which I detail in two separate pieces on Extra Crunch. The first (Part 1) identifies the key phases of developing and managing housing. The second (Part 2) section identifies interventions that contribute to housing inclusion more generally, such as efforts to pair housing with transit, small business creation, and mental rehabilitation.

Unfortunately, many of these tools don’t guarantee more affordability. Lowering acquisition costs, for instance, doesn’t mean that renters or homeowners will necessarily benefit from those savings. As a result, some tools likely need to be paired with others to ensure cost savings that benefit end users — and promote long-term affordability. I detail efforts here so that mission-driven advocates as well as startup founders can adopt them for their own efforts.


Topics We Explore

Today:

Coming Tomorrow:

  • Part 2. Other contributions to housing affordability
    • Social Impact Innovations
    • Landlord-Tenant Tools
    • Innovations that Increase Income
    • Innovations that Increase Transit Accessibility and Reduce Parking
    • Innovations that Improve the Ability to Regulate Housing
    • Organizations that Support the Housing Innovation Ecosystem
  • This is Just the Beginning
  • I’m Personally Closely Watching the Following Initiatives.
  • The Limitations of Technology
  • Move Fast and Protect People


Please feel free to let me know what else is exciting by adding a note to your LinkedIn invite here.

If you’re excited about this topic, feel free to subscribe to my future of inclusive housing newsletter by viewing a past issue here.

Spotify is testing its own version of Stories called ‘Storyline’

Spotify is testing its own version of Stories — the sharing format that was popularized by social apps like Snapchat and Instagram and has since made its way to other apps like Facebook, YouTube, WhatsApp, and others. In Spotify’s case, it’s not called “Stories” but rather “Storyline,” and the focus is on allowing artists to share their own insights, inspiration, details about their creative process, or other meanings behind the music.

This is very much similar to what Spotify’s “Behind the Lyrics” feature today offers. But instead of pop-up cards that load in time with the music, Spotify Storyline is very much a Stories-like experience where users tap through the different screens at their own pace, and where horizontal lines at the top indicate how many screens still await them ahead.

By comparison, “Behind the Lyrics” pulls in this sort of background information from Spotify’s partner, Genius — and Genius doesn’t always get things right. This, in fact, was the cause of a bit of an uproar recently, when Paramore singer Hayley Williams took to Twitter to yell at Spotify for running “outdated facts” on “Behind the Lyrics” — something she said her management team had tried to get changed for a year.

After her tweet went viral, Genius reached out to help. But following the incident, music fans pointed out other inaccuracies in “Behind the Lyrics” including misstated facts on 21 Pilots’ song “Jumpsuit” and Travis Scott’s “Yosemite,” for example.

For Spotify, one possible solution to this problem could be to allow artists and their management teams to take control over what’s displayed as the song plays — while adopting the popular Stories format in the process. But at present, the Storyline feature is appearing on top of “Behind the Lyrics” which is a bit odd and confusing.

We understand that Storyline is only a test for the time being on both iOS and Android, but not desktop. It’s available in the U.S. and in other markets, but Spotify isn’t commenting as to who may be seeing the test at this time or where.

If you are a part of the test group, you’ll see an indicator on the bottom of the screen that alerts you to the additional content. You can then swipe up anywhere on the screen that’s not a button in order to reveal the story and start tapping. The stories may contain lyrics, text or images.

For the time being, there’s no direct way for any artist or management team to contribute to Storyline. Those involved are working with Spotify directly. But it wouldn’t be unreasonable to think that the feature could be something that’s built into the Spotify Artist Dashboard in the future, if it proved to deliver the sort of positive engagement Spotify hopes to see.

The feature, if launched, would give Spotify its own sort of original content — an area that hadn’t fared so well in the past when Spotify was producing its own original videos, for example. And it would better cater to Spotify’s younger demographic who already understand and regularly use Stories in other social apps.

Android Police was first to spot the news (via Reddit), and found it was live on a handful of songs including Jonas Brothers’ “Sucker” and several by Billie Eilish (“Bad Guy,” “Bury a Friend,” “When the Party’s Over,” “Wish You Were Gay”). We also understand it’s showing up on MAX’s “Love Me Less.” Plus, Reddit users claim to have seen it on 2 Chainz’ “Forgiven,” The Beaches’ “Snake Tongue,” and others.

Spotify confirmed to TechCrunch it’s testing Storyline in a brief statement.

“We are always testing new ways to create better experiences for more users,” a spokesperson said, when asked about the feature. The company didn’t offer any information about when it would roll out more broadly.

Looking back at Zoom’s IPO with CEO Eric Yuan

Since the launch of its IPO in mid-April, Zoom stock has skyrocketed, up nearly 30% as of Monday’s open. However, as the company’s valuation continues to tick up, analysts and industry pundits are now diving deeper to try and unravel what the company’s future growth might look like.

TechCrunch’s venture capital ax Kate Clark has been following the story with a close eye and will be sitting down for an exclusive conversation with Zoom CEO Eric Yuan on Wednesday at 10:00 am PT. Eric, Kate and Extra Crunch members will be taking a look back at the company’s listing process and Zoom’s road to IPO.

Tune in to join the conversation and for the opportunity to ask Eric and Kate any and all things Zoom.

To listen to this and all future conference calls, become a member of Extra Crunch. Learn more and try it for free.

Twitter bug disclosed some users’ location data to an unnamed partner

Twitter on Monday afternoon disclosed a bug that resulted in an account’s location data being shared in certain conditions with a Twitter partner — even if the user had not opted in to sharing that data. The bug only affected a portion of Twitter’s iOS user base, the company says, and they’ve since been notified of the issue.

Affected users had more than one Twitter account on iOS, and had chosen to share their precise location using the optional feature in one account. Twitter says it may have accidentally collected location data for the other account or accounts on the same mobile device, as well, even when those accounts were not similarly opted in to location data sharing.

This information was then shared during the real-time bidding process with an unnamed Twitter partner, which meant they received the unauthorized location data. Twitter notes that none of this was “precise” location data, because the data was already “fuzzed” to be only a zip code or city (5km squared).

That means the data “could not be used to determine an address or to map your precise movements,” the company noted.

For those worried about their location being disclosed or about being doxxed generally, Twitter assured impacted users that the partner receiving the location data didn’t also receive their Twitter handle or a unique account identifier. They wouldn’t have been able to determine your identity, the company says. And the location data was not retained by the partner, Twitter says.

According to the company’s announcement:

We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.

We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us.

It’s unclear at this time when this location sharing took place, or for how long, as Twitter didn’t disclose this in its post announcing the bug. Nor did it name the partner who had possession of the data, or explain how such a bug came to be in the first place. It only said that it failed to remove the location data.

Reached for comment, Twitter tells TechCrunch none of that information is going to be disclosed.

Twitter does say affected users have been notified, and anyone with questions can fill out a form to contact Twitter’s Data Protection Officer. It’s unclear to what extent the bug will result in a GDPR fine at this time, given the lack of specifics on hand.

MailChimp’s Ben Chestnut on bootstrapping a startup to $700M in revenue

The well-known tech startup routine of coming up with an idea, raising money from VCs in increasing rounds as valuations continue to rise, and then eventually going public or getting acquired has been around for as long as the myth of Silicon Valley itself. But the evolution of MailChimp — a notable, bootstrapped outlier out of Atlanta, Georgia, that provides email and other marketing services to small businesses — tells a very different story of tech startup success.

As the company closes in on $700 million in annual revenues for 2019, it has no intention of letting up, or selling out: No outside funding, no plans for an IPO, and no to all the companies that have tried to acquire it. As it has grown, it has been profitable from day one.

This week, the company is unveiling what is probably its biggest product update since first starting to sell email marketing services 20 years ago: It’s launching a new marketing platform that features social media management, ad retargeting, AI-based business intelligence, domain sales, web development templates and more.

I took the opportunity to speak with its co-founder and CEO, Ben Chestnut — who started Mailchimp as a side project with two friends, Mark Armstrong and Dan Kurzius, in the trough of the first dot-com bust — on Mailchimp’s origins and plans for what comes next. The startup’s story is a firm example of how there is definitely more than one route to success in tech.


Ingrid Lunden: You’re launching a new marketing platform today, but I want to walk back a little first. This isn’t your first move away from email. We discovered back in March that you quietly acquired a Canadian e-commerce startup, LemonStand, just as you were parting ways with Shopify.

Ben Chestnut: We wanted to have a tool to help small business marketers do their initial selling. The focus is not multiple products. Just one. We’re not interested in setting up full-blown e-commerce carts. This is about helping companies sell one product in an Instagram ad with a buy button, and we felt that the people at LemonStand could help us with that.