Apptimate | Apptimate
archive,category,category-apptimate,category-71,dwpb-push-page,dwpb-allow-close,ajax_fade,page_not_loaded,,select-child-theme-ver-1.0.0,select-theme-ver-4.1,wpb-js-composer js-comp-ver-5.1.1,vc_responsive


Sensative launches Yggio – a technology-independent, open and secure platform and marketplace for property services

Lund/Las Vegas. 5th January 2017.

Sensative proudly announces the launch of its open, secure connectivity platform and marketplace for property services, called Yggio. Pronounced igg-io, Yggio enables multipoint-to-multipoint communications, offers device and service interoperability and secures personal data privacy via an encrypted permission layer for all data exchange activities.

Yggio lets property owners and tenants enjoy full control over devices and utilities used for property and tenant services in their building — eliminating excessive costs and lack of synergies. Technology and service partners use the open, secure Yggio platform and service marketplace to rapidly deliver their service applications within facility management, elderly and home care services, home security, smart apartments, homes and smart agriculture and more.

The name Yggio is based on the tree of life in Nordic mythology, called Yggdrasil, which plays a major role gathering and distributing all knowledge and wisdom through its roots and branches. The Norse gods gathered at Yggdrasil, where they settled matters in their community. The Yggio platform and marketplace firmly connect all Internet-of-Things (IoT) devices with high-value service delivery solutions. The platform uses a public API, which makes it possible for device manufacturers and service providers to use the Yggio platform.

Yggio is a major new investment area for Sensative, and it follows Sensitive’s global success with its ultra-thin sensor called “Strips”, which was launched at CES 2015. Sensative is in the process of establishing many IoT services onto Yggio, working closely together with a range of innovative technology, device and service partners. Several IoT services are piloting and testing Yggio with end-users and customers in Sweden within the areas of home security, facility management, heating, ventilation, and eHealth.

“Already before the launch of our Strips sensors we knew that our mission in life would lead us to build a secure and open connectivity platform for IoT services”, states founder and CEO Mats Pettersson. “Given our strong background in mobile technology developing from closed dialing devices to open platforms for millions of digital services, we all knew we just had to use this know-how to build a very scalable, open and multi-purpose platform. Now we are looking forward to building a strong and dedicated eco-system of partners for the property services market. We are grateful that our partner CTS supports our efforts and is displaying Yggio and some of our service partners in their stand at CES. Our service partners include Apptimate, Cenvigo, FM Technology, Alleato and Goda Grannen.”

About Sensative. Sensative is a rapidly-growing innovation company of practical Internet-of-Thing solutions. Its ultra-thin Strips sensor enables invisible mounting on windows and doors, up to 10-year carefree operations and instant integration with home security systems. It’s open, secure connectivity platform and marketplace for property services, called Yggio, enables multipoint-to-multipoint communications and true hardware and software interoperability. Sensative was founded in 2013 and is based in Lund (Sweden) and employs around 25 people, many with extensive backgrounds in mobile and cloud technology. Visit Sensative online at or contact Mats Pettersson, Chief Executive Officer, through

About CTS. Founded in 1998, Connection Technology System Inc. (CTS) has continuously focused on the market segments of FTTX Triple Play and Industrial solutions. Today CTS is one of the top solution providers for network operators, service providers, and telecom companies worldwide.

About Apptimate. Apptimate offers secure object broker with end-to-end payload encryption services for IoT and Mobile Communications.

About Cenvigo. Cenvigo design, develop and implement digital applications and smart sensor systems to promote the next generation of health- and elderly care.

About FM Technology. FM Technology is an IoT company offering facility management services.

About Alleato. Alleato has developed an end-to-end concept for and health and safety services for the home.

About Goda Grannen. Goda Grannen (“The Good Neighbour”) has developed a service for neighborhood watch where residents in a neighborhood watch out for each other in matters related to security and safety.

About Z-Wave. Z-Wave technology and is an open, internationally recognized ITU standard (G.9959). It is the leading wireless home control technology in the market today, with over 1200 certified interoperable products worldwide. Represented by the Z-Wave Alliance, and supported by more than 300 companies around the world, the Z-Wave standard is a key enabler of smart living solutions for home safety and security, energy, hospitality, office and light commercial applications. Z-Wave® is a registered trademark of Sigma Designs and its subsidiaries in the United States and other countries.

About Z-Wave Alliance. Formed in January 2005, the Z-Wave Alliance is a consortium of leading companies in the home technology space dedicated to solidifying Z-Wave as the standard for wireless home control products. The principal members include; ADT, Evolve Guest Controls, FAKRO, Ingersoll-Rand, Jasco Products, LG Uplus, Nortek Security & Control, SmartThings and Sigma Designs. Alliance members lead the home controls market, providing leading edge products and systems that deliver increased comfort, convenience, energy conservation, safety and security. For more information on the Z-Wave Alliance, please visit

Z-Wave Alliance Press Contacts Caster Communications Inc. at +1.401.792.7080 Kimberly Lancaster,

About CES. For 50 years, CES has been the launch pad for new innovation and technology that has changed the world. Held in Las Vegas every year, it is the world’s gathering place for all who thrive on the business of consumer technologies and where next-generation innovations are introduced to the marketplace. For more information on CES, please visit


EU GDPR: General Data Protection Regulation

The upcoming EU privacy regulation is relevant not only for European organizations but any business looking at Europe because of its extended scope of applicability.

The new European General Data Protection Regulation (GDPR) is expected to lead to a revolution in the privacy world.  It will come into force by mid-2018, but time is short and there’s a lot of changes that must be implemented.

What it is

GDPR entered into force on the 5th of May 2016, and European Union member states must transpose it into their national law by 6th of May 2018.

The Regulation updates and modernizes the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights.

It focuses on:

  • reinforcing individuals’ rights
  • strengthening the EU internal market
  • ensuring stronger enforcement of the rules
  • streamlining international transfers of personal data
  • setting global data protection standards

The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.

Most importantly, it aims at changing the way organizations that operate in the EU or that collect personal data from the Union’s citizens, approach data privacy.

The people, business, organization or other bodies that collect and manage personal data are collectively called “data controllers“. They must all respect EU law when handling the data entrusted to them.

What it means for individuals

Mandatory consent

  • People will have to receive the consent form in an easily accessible and intelligible form, containing the purpose of data processing.
  • They will have the right to withdraw their consent as easily as they gave it, this being particularly relevant for subjects who have given their consent as a child, or were not fully aware of the risks involved by processing.

The right to be forgotten

  • People will also have “The right to be forgotten”, or data erasure, which means that the company processing and holding his data will be obliged to delete it all, including copies.
  • This obligation is extended to third parties that have access to that data.
  • To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that a controller who has made the personal data public should be obliged to inform the controllers which are processing such personal data to erase any links to, or copies or replications of those personal data. In doing so, that controller should take reasonable steps.

Protect private data

  • Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules.
  • Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.
  • Citizens will have the right to be informed about a data breach that affected their personal data in maximum 72 hours from the data holder becoming aware of the breach.


  • Individuals will have the right to access information that contains a list specifying which data is being processed and the purpose of the data collection and management.
  • People will have the right to data portability, which means transmitting their personal data to another data controller.

What it means for companies

Harmonized rules

  • There will be a single set of rules throughout the European Union, which will cut costs of doing business in the EU. They will only have to report to one supervisory body.
  • Companies whose main activity consist of processing data systematically obtained by monitoring data subjects at a large scale or special types of data or data related to criminal activity, will need to have in place a Data Protection Officer (DPO). The DPO will have to respect the internal record keeping requirements.
  • GDPR will have to be respected by both companies that originate from Europe, but, also those offering services to EU citizens.

User data

  • Online identifiers including IP address, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) without undue effort linked back to the data subject.
  • There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.
  • Companies will have the legal obligation to inform users in the event of a data breach in maximum 72 hours from the moment they found out.
  • Data controllers will have to provide an electronic copy of all personal data free of charge, at request.
  • At the request of the users, companies must erase all their personal data, stop collecting it and have third parties delete it as well.
  • Also at citizens’ request, data must be transmitted to another entity, at users’ choice.

Security and privacy by design

  • Companies will have to design their systems with privacy in mind, rather than adding them. This mean that they must do all efforts to protect the privacy of their users.
  • Data controllers will hold and process data only if it is absolutely necessary for the completion of their duties.
  • Companies should implement techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymization (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorized can read it) to protect personal data.
  • “Big data” analytics requires anonymised or pseudonymised data.

Substantial fines

  • The maximum fines can go up to 4% of the company’s annual global turnover, or €20 Million, whichever is higher. These are applied in the cases when the data subjects’ rights have been infringed, such as the cases when data has been processed without a legal basis, or cross-border transfers have been performed.

  • Other infringement could attract fines of up to 2% of the annual worldwide turnover or €10 Million, whichever is greater. This is applied for example when companies cannot prove they have adequate security, haven’t appointed a DPO, or haven’t established a data processor agreement.

How to prepare

  1. Put in place an accountability framework that will prove you meet the required standards.
  2. Design your product with security and privacy in mind, not add it later.
  3. Establish clear policies and procedures in the event of a data breach, so you can notify people in time.
  4. Verify your privacy policies and notices, so that it is easy to understand and accessible.
  5. Be prepared for citizens to exercise their newly gained rights, often with unrealistic expectations.
  6. If you are carrying out cross-border data transfers, including intra-group one, make sure you have a legitimate reason for transferring personal data to jurisdictions that don’t have adequate data protection regulations.

Object Security

This post is an adaptation from a blog post by Apptimate Security Lead Joakim.


The Internet of Things (IoT) is coming.

With it comes new security challenges from the constrained and asynchronous nature of IoT.

IoT is a wide term used to describe anything from industrial control systems to smart homes. The devices are thought of ranging from powerful devices like Raspberry PIs to constrained NFC chips. Everybody has their own view. Much of the challenges associated with IoT devices springs from the nature of constrained nodes. These nodes, or devices, are constrained in the sense that they have low processing power, a small amount of RAM and often operate on battery power.


Channel Security

Channel security (“session”, “tunnel”, “VPN”) is a term used in communications security which describes a secure channel used by an application to transmit data. The channel is negotiated and managed by a protocol at the data, network or transport level in the protocol stack. The channel handles the data agnostically; it does not know anything about the payload.

Object Security

Object security is a term used in communications security describing secure communication with no need for a secure channel. Instead of relying on a communication protocol lower in the stack to handle the encryption, the application that created the message will handle encryption and decryption of its own communication.

The key difference between traditional channel security and object security is that in object security an application handles its own secure communication. This has the effect that when using object security an application does not need to trust a channel and the different relaying nodes between sender and receiver.

Consider the case of an email message.  When it’s carried over an IPSEC or TLS secured connection, the message is protected during transmission.  However, it is unprotected in the receiver’s mailbox,    and in intermediate servers, hubs, etc., along the way.

By contrast, with object security, the entire message is encrypted and integrity protected until it is examined and decrypted by the recipient.  It also provides strong authentication of the actual sender, as opposed to the machine the message came from.

Apptimate Asynchronous Object Security provides all necessary functionality, including encryption key distribution, for simple application development of full end-2-end security in just a few lines of code.

Characteristics of IoT networks

The characteristics of constrained devices calls for a different set of solutions than the ones commonly used for non-constrained devices. The InfoSec community needs to explore how to provide information security on constrained devices communicating over insecure channels, i.e, how can message integrity, secrecy, replay protection, message freshness guarantee, and sequence ordering be provided for the Internet of Things.

There are some properties of constrained networks which have significant impact on how communication works compared to how it works on traditional networks.

Firstly, communicating parties operating on battery power will naturally want to save battery. Therefore the network part of a constrained device will be turned off for as much time as possible. This means that the normal case will be asynchronous communication and because of this, caching nodes are the norm in IoT.

Second, when sending data on the network, you want to send as little data as possible. This is of course always a good thing but it is extra important for constrained nodes; power consumption from network hardware is very high compared to cryptographic operations. Another aspect of minimizing transmitted data is that large data packages will require larger buffers on the recipient node, something that might not be available on constrained nodes.

Sending large packages also increases the re-transmission amount. If a fragment of a large message is dropped by the network, or there is an error somewhere in a packet, all of the message might need to be re-transmitted instead of just a small part. Packet fragmentation can be a considerable source for network overhead.

The situation, and what we should do about it

Traditional methods

Secure communication for constrained nodes can certainly be achieved using traditional methods such as channel security. A popular channel security protocol for constrained devices is DTLS.

The security in these traditional protocols protects the channel, not the data itself, hence the name. Since many devices operate on battery power it is important to use as little resources as possible, both in terms of power consumption and memory/CPU usage. The consequences of this is very often seen in devices designed so that they sleep for as much time as possible.

The core problems with security in IoT is that Application traffic is asynchronous, which makes caching a requirement for a well functioning network. To achieve this, caching proxies are often used.

Consequences of using traditional methods

Herein lies the core problem of this post. If a proxy is to be used for caching data, and channel security is used, the security can follow two patterns. Hop-by-hop or end-to-end security.

Hop-by-hop security

The first pattern, hop-by-hop security, visualized in Figure 1, is to terminate the channel security session in the caching node, effectively dividing the security in two parts. One part from the sender to the caching node and one part from the caching node to the receiver.

Figure 1: Hop-by-hop security

Doing this forces the data to be decrypted at the caching node; the caching node needs to re-encrypt the plaintext for the receiver. The data integrity and confidentiality will therefore not be end-to-end between the client and server, but hop-by-hop from client to proxy and from proxy to server.

Hop-by-hop security can only be relied on if all partners are trusted. This is not a good assumption for a secure and robust system. The possibility of malicious nodes opens up for both passive eavesdropping attacks and active attacks such as man-in-the-middle attacks on the communication. These kind of attacks are a very real threat and there has been countless examples of them. Hop-by-hop security is sometimes also referred to as point-to-point security.

End-to-end security

The second pattern, end-to-end security, visualised in Figure 2, is to not terminate the session at the proxy but instead keep the channel security enabled through the proxy. This thwarts the possibility for the proxy to attack the session in a meaningful way since it prevents it from reading the data or changing it without detection.

Figure 2: End-to-end security

True end-to-end security is thereby obtained but important functionality is also lost. With channel security used for end-to-end encryption, it is all or nothing; all data originating from above the session layer has to be secured. The inability for a proxy to change or read anything from the transport layer and higher layers is not without negative consequences. A proxy often carries a lot of functionality on higher layers that is broken by end-to-end channel security. For example, a CoAP caching proxy can not cache any data for connections that tunnels through the proxy using channel security. CoAP is a protocol designed to work closely with proxies; the protocol will be crippled without the proxying functionality.

Advantages of transitioning to Object Security

When the end-to-end security is based on object security instead, the protocol can pick and choose what part of the data that should be confidential or integrity protected. For example, it would be possible to encrypt the payload, integrity protect static parts of the header and leave variable header parts be.

Protecting certain parts of the header can be very important. A malicious intermediate tampering with the header can do considerate damage. For example, an attacker could change the method code from GET to DELETE, thereby deleting a resource instead of fetching the current value. This is one reason for why encryption of just the payload of the CoAP message is not sufficient.

In conclusion, object security enables end-to-end security without preventing proxy operations, if done correctly.

Network Overhead

Another important aspect when comparing object security and channel security for constrained devices is the network overhead produced by the different technologies. The overhead in a session based security protocol is composed of both the handshake and the overhead that the protocol produces when encrypting and integrity protecting data.

In an object-based security protocol the encryption parameters can be pre-established, in which case the overhead consists solely of the overhead produced when encrypting and integrity protecting, no handshake takes place.


Using channel security protocols, such as DTLS, for constrained nodes is often not the best solution. Protocols based on object security can often be a much better fit.

One of the most popular IoT protocols targeting constrained devices is CoAP. There is now an ongoing development of an OSCoAP protocol for securing constrained devices. This is an end-to-end object security protocol which aims at reducing the overhead and complexity by adding object security as an option in CoAP packets.

Internet of Things Security Challenges Means New Opportunities

IoT needs standards and interoperability

app-worldWe are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early stage market will have to mature for the real solutions to come.

Most solutions of today are vertical; device — cloud — app. Very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a fridge from a supplier that connect to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier who is also online and can be controlled via another app. Eventually, the user would end up with an app for every smart gadget, and too many apps would mean that none would be used. Take the hilarious situations with the remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that with all potentially gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities cross-vendor technologies.

But … Interoperability is a security threat

This openness also opens for malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed it would be a simple thing to know when the house is empty for burglars to enter, to stalk people, to steal their identity, and so on.

The amount of damage that can be done is way greater than today. Take the recent hacks, like the Sony Entertainment hack; they were, of course, devastating for the companies, but it was still just information on their network, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the breaks on a moving car, turning off the cooling system on a power plant or pulling the plug on an Air Control Tower? Or change the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break. Especially since most of these things will move around and communicate on public networks outside firewalls.
Based on this threat scenario we created, to provide a platform for developers making it easy to implement hardened communication security and privacy protection in any connected device, app or “thing”.

And… Age is a security threat

best-before-dateAll technology gets outdated, including these “things” and they need maintenance releases and patches. What happens when those products aren’t maintained anymore? Companies change, users don’t flash products with the latest firmware, suppliers go out of business or get bought, product lines are closed, and so on. But the product is still online doing what it was installed to do. When the connected things no longer are updated, they become more vulnerable to attacks. An ageing IoT will eventually be taken over by hackers.

IoT “things” should have a manufacturer defined shelf life and stamped with a “best before date”.

A business opportunity

The life span of a “thing” is is something that could be “self-controlled”. Many sensors are running on battery. Depending on what the sensor does and how it is constructed its battery has a life span. Interesting developments in battery technology increase lifespan to several months or years. So, if the supplier has a replacement program for dead sensors, they can update software as the same time as they charge or replace the battery.

This would also make way for a new business model; “Things-as-a-Service”.

Årets skånska startup: Plats 5

8till5:s rankning av Skånes hetaste uppstartsbolag fortsätter. Plats fem går till ett bolag som har tagit fram en säker kommunikationsplattform. Möt företaget som vill göra mobil kommunikation riktigt säker.

Ideonbolaget Apptimate har utvecklat en säker kommunikationsplattform för utvecklare. En plattform som inte sparar någon som helst data och som har kallats för Snapchat på steroider.
– Min vision är att vi blir nästa Neo Technology eller IT-säkerhetsbranschens Klarna, säger vd:n Fredrik Beckman.


Apptimate on 5th place in start-up of the year competition in local media (in Swedish)

See on Scoop.itSecure communication

Nummer 68, Villa Nest. Adele Treschow, Stephanie Treschow och Sofia Fagring ger äldre ett bättre och hälsosammare liv. Fotograf: Villa Nest

71 heta svenska startups som kan bli nästa stora succébolag

De kan alla bli Sveriges nästa succébolag. VA listar 71 svenska startups som är ute på kapitaljakt – och har ordentligt med potential.


Swedish Business Magazine Veckans Affärer rate Apptimate as one of the Swedish top 71 super-startups. And if you read our pitch (in Swedish) you will notice that we talk about a product called SAFEWIRE. More will soon be revealed ?. If you want to know more, or have it translated, just contact us directly on our web site

See on Scoop.itSecure communication

PingPal Messenger for Android released

PingPal Messenger is a privacy protected group chat app with a positioning twist. Connect with your Facebook friends and chat one-on-one or in groups. Take that ongoing conversation off-the-record, or in this case “off-the-data-mining-and-selling-your-data-Facebook”.

A cool feature is that you can check where they are right now. No tracking, just ask and answer. We call that you “Ping” them. You can even have the app answer automatically where you are, and that’s a good thing when you, for instance, lost someone and they don’t answer their phone. You can even Ping a group of friends if you’re out partying or skiing and get separated from them. No tracking or stalking! No Facebook! You are in control over who can ping you!

But that’s not all. If you want to develop your own messenger or WhatsApp app we have a huge short cut for you. The source code is available on our GitHub, for iOS and Android. Go ahead and fork it!

Technical Overview

We have recently published a new Apptimate overview page to better explain our architecture.

Basically, Apptimate is a cloud-based asynchronous routing system for data. Data objects, or messages, are queued and transferred in chronological order between two or more users. When a message leaves a queue it is completely removed from that queue leaving no trace.
This means that we store no data. We also anonymize user-IDs, offer point-2-point encryption services, etc. to know as little as possible about your applications users and data. We call this FORGETFUL NETWORKING, which means that we record and remember nothing about your communication.

We believe that the best way to secure your data is to not have your data. In the unlikely breach of our system (elliptical curve encryption is tough) there is no historical data to read.

Read more…

Important traffic milestone passed

The Apptimate platform is live since September 1st this year. And today we passed an important milestone.

During the development period we have generated a lot of internal traffic, of course. We have also developed some demo apps for iPhone (PingLove and PingPal Messenger) that we have released on App Store and they are also being used and generate traffic. When we sum it all up we have generated many, many thousand messages ourselves.

Since September 1st we have many developers signing up, and they also are generating traffic in their development. Maybe someone even have launched their app live? We don’t know since we don’t know that much about our customers. It is part of our offering; we don’t want to know to be able to protect them by not having any data.

Anyway, today the externally generated traffic now surpasses anything we have ever generated ourselves.

Apptimate wins European Satellite Navigation Competition ESNC in Norway

Winner of the Norwegian final of satellite competition ESNC takes security one step further when they mix geolocation with messaging in their service.

The need for secure communication increases with the use of tablet PCs, mobiles and laptops. Imagine that you work with the design of a hefty product. Let’s say the next model of a car. Maybe Audi?

The content on your computer is safe if you use the technology of ESNC year’s winner in Norway. Photo: peus/123RF Stock Photo

You work at home and communicate encrypted and securely with the office. So you take your computer with you on the train, where it is stolen. Your password was hacked on an unsecured network when you stopped at a gas station a while ago. All the exiting blueprints for the new Audi are on your computer.

There is nothing like the news value of a leak of how the next generation Audi will look. The newspapers and competitors are interested. You can imagine how all your designs are made public. And how difficult it can be to find a new job.

Position and destruction

It is here Apptimate makes a difference. The winner of the regional Norwegian part of the European Satellite Navigation Competition ESNC entered an idea for safety by location as part of an encrypted service they have already developed. This means that the application only can be opened at defined locations, which in this case is your home or office. It does not help with passwords if the machine is in the wrong place.

In addition, the contents can be destroyed when someone tries to start the app in the wrong location. The secrets are still secret. You still have a job. And the job’s secure server has a backup of the last thing you did before you left home.

The Swedes are coming

– I was just tremendously surprised when we got the Norwegian price, says Fredrik Beckman of Apptimate.

Last year the company participated in the European Satellite Navigation Competition ESNC with PingPal, a service that allows you to share your location in instant position dialogs. That idea appeared in a ski slope.

Since then PingPal has expanded from an app for skiers to a cloud communication service and renamed to Apptimate. And this year sent Apptimate entered “Self-deleting secure messaging based on position”, this time to the Norwegian finals because Øresund region does not participate in the competition in 2014.

The jury motivation

The European Satellite Navigation Competition aims to contribute to the new use of satellite-based position. The Norwegian Space Centre in collaboration with Oslo Tech to arrange the Norwegian part of the competition.

Fredrik Beckman from  Apptimate received the Norwegian ESNC award during Oslo Innovation Week 2014 Host Pernille Sørensen tv and Marianne Moen, Norwegian Space Centre. Photo: Gorm K. Gaare

Fredrik Beckman from Apptimate received the Norwegian ESNC award during Oslo Innovation Week 2014 Host Pernille Sørensen tv and Marianne Moen, Norwegian Space Centre. Photo: Gorm K. Gaare

After evaluating ten short listed submissions the jury concludes as follows:

“Winner of the Norwegian part of the competition ESNC (European Satellite Navigation Conference) uses geographic position as a security mechanism in a messaging service. The position can be used to set limits when the user can send and read messages, and can for example also trigger automatic deletion of messages.

The idea will be launched as an extended functionality to an existing service. The correct position is an absolute prerequisite for such functionality. The winner is the contribution that uses geographical position most innovatively, and has a credible chance of realization and market uptake. “


This is a translation of the original news release in Norwegian.


PingPal rebrands to Apptimate

It all started with an app, and PingPal was a great name for that app.

But in the process we developed a backend solving many problems that we realized was something that many developers and companies needed. Our app business pivoted into a cloud based service for secure communication and positioning.

We also realized that we needed to rebrand to distance us from the initial app, to clarify that we are not an app any longer, but much, much more. And the new name is Apptimate. We came up with the name when playing around with the words:

  • app
  • optimize
  • automate
  • team mate

So we are changing our logo and domains etc as we are launching the leading cloud service for secure communication and positioning.

Spoiler alert: we will soon release a PingPal messenger and positioning app.

Location for iOS released

esnc13We have just released the location SDK for iOS. Android is still in private beta and will be released in a week or two.

Our location feature is built upon our awarded technology for positioning dialogs.

Strange really that just asking for a position and getting the answer back, automatically or manually approved, in close to real-time can be revolutionary. This is how it always used to be before we started using mobiles and other GPS devices for tracking. Tracking is good if you need to have a history of transportation for instance, but there are many cases when you really just want to know where people or things are right now. There are also many situations where tracking is invading privacy. You want to know where your kids are, but should anyone else know?

Our dialogs are “ephemeral” or self-deleting in its nature. The question and answers passes through our service but nothing is recorded or stored on our servers. If your application requires that, then you must store it yourself in your own database. We don’t want your data since that is the best way to protect your service.

Use our Location service for solving logistics, people management or add geographic position to your security tools.

Use it for safety in the field apps; Implement a simple alarm button to push the user position to friends or security personnel. Start a position tracker if needed. Or set off an alarm if the user enters wrong area or deviates from planned route. Include automatic data delete. The possibilities to enhanced safety in the field are limitless.

Read more in this whitepaper about what you can do with our positioning technology.

Download here and start developing!

PingPal Crypto released!

PingPal is designed from bottom up for secure messaging. Everything we create is there to ensure security, privacy and effectiveness in mobile user communication.

The founding elements are anonymization of users (we don’t know who they are, but the app owner might very well know) and no storing of data on our servers. No data stored means less risk of anyone accessing that data.

However, we have queuing mechanisms to ensure persistent connections. In theory that data could be “sniffed” through a security breach or code injection. To prevent that we now offer an extra security layer on top of the communication, RSA 2048-bit keys, military grade, encryption. Unique crypto keys are stored in the user devices without access by anyone but the app user, meaning that not even we at PingPal can decrypt and read the data.


SDK for iOS available now. Android is due in a few days.

So, now it’s time to start developing those secure apps!

PingPal Crypto without user passwords

No more user passwords with PingPal Crypto

A recent article in Wired, “Turns Out Your Complex Passwords Aren’t That Much Safer”, argues that using passwords as our primary authentication mechanism is not an optimal solution. Passwords has several weaknesses; that you have to trust the service developer with your password for safe storage, you have to use different passwords for different services, you have to remember all of these passwords and the passwords have to be random enough to withstand an intelligent dictionary based brute force attack on the password database.

The real issue here is that the end-user, with no knowledge about cryptography, has to take an active part in the security of a service; the user is asked to forge his own key to his bank-vault. Now, being trusted with a new and difficult task, a lot of users will forge very simple keys that are say to pick, i.e. they will use simple passwords that are easy to break, because they are easy to remember. The main way developers has tried to solve this problem is by forcing the user to generate random passwords by making them abide different rules when creating a password. This does not work. Donna Dodson says it very well in the Wired article: “The security has to be usable for the end-user. Otherwise they’re going to find workarounds.”

A good security solution cannot rely on passwords as the main method of authentication. In PingPals Crypto library, PingPal has solved this problem by using x.509-certificates with 2048 bit RSA keys for authentication. This means that the end user does not have to remember a password at all. The password is replaced by a virtually unbreakable RSA-keypair that is generated and stored securely on the device where the code is executing. And the best part is, the secret key on which the security relies does not ever have to leave the device. Therefore, hackers cannot get a hold of a password database since there is no such thing.

So why is this not the standard for authentication? Well, it is, just not for end users. When connecting to a server over https, e.g. when you are logging in to Facebook, the server is authenticated using the same principles as PingPal uses but the users are authenticated using a simple password. This is because using certificates for user authentication has been deemed too complicated for the end user by many developers, something that is now taken care of by PingPal.

Using PingPals services, the end user does not even know it is being authenticated at all, it just happens automatically in the background in a highly secure way. So it is both safer and much more convenient than using conventional passwords. Also, the end user does not have to trust every single developer that is involved with the code of the service. As long as the service uses PingPal, the entirety of the security is handled by PingPal.

By using PingPal, the developer does not have to have any knowledge about cryptography, the end user does not have to remember passwords and still the entire service becomes much safer.

NB. PingPal Crypto is in beta and will be released early September. Please contact us directly if you need a pre-release.

Apptimate Performance Demo

Apptimate is fast, most often “instant”. But what does this mean in reality?

Performance in mobile networks and devices are dependent on so many parameters, like device architecture, OS, network bandwidth, carrier, network type, geography, device movement, the app itself, etc., so it is difficult to give clear measurable data.

So, we made a demo. A very simple app sending a message to all users to display or remove a popup. We implemented it on iOS, Android and JavaScript in a web browser and recorded the result so you can see for yourself.

Please note that the video has not been manipulated other than adding the layover texts. The performance is exactly what you can see in this video.

Equipment and network connections:

  • iPhone 3GS over WiFi
  • iPhone 4S over 3G
  • iPhone 5 over 4G
  • Sony Xperia X10 over WiFi
  • Safari on Mac over WiFi


IT security company Norse maps the global cyberwar in real-time

You’ve probably heard that the next generation of war will be played out on the digital battlefield, and how China and the U.S. are already fighting with more or less discreet cyber weapons. But it can be hard to see how it really looks like if you are not an expert.

Now, the Norwegian security company Norse has launched a map that shows cyber-attacks in real time, who is attacking whom, and the methods used. The data is retrieved from Norses own servers and is not based on any “real” data from the Pentagon or Google. Their website has information about how they collect the data, but the technical details are pretty sparse.

Sometimes you can see a large explosion of coordinated attacks from China against the United States. Many hacks have also originated from the United States, but their goals are much more varied, and are not coordinated on a single target that attacks from China.

N.B. The information from the map should be taken with a grain of salt, but may be interesting for those who want to gain a greater understanding about the invisible cyber war around us.

And most of all, it’s really cool: Take a Look!

iOS vs Android: Which is more of a security threat for the enterprise?

An interesting report from Marble Research has created a bit of debate on the internet. See for instance this article at ZdNet:

This report has looked at various risks that the users of the two platforms may face. “Neither iOS or Android is more secure or less secure than the other. The risk among companies who allow their employees to use their own devices (BYOD) run the same risks, whether they are running iOS or Android”, writes Marble Security in its report.

iOS users with non jailbreaked devices can only download apps from the Apple App store, where Apple rigorously reviews all apps before they are approved.

Android users, on the other hand, have the ability to download apps from a variety of sources outside of Google Play, making it harder to control security.

Apple’s strict rules for the apps that get published on the App store, gives iOS an upper hand as compared to Android. But there are still ways for an attacker to steal information from iOS devices. One such risk is the possibility to send a configuration file to a iOS device via a malicious web page. The user can be tricked into installing the configuration file, which enables further attacks. This is something we have taken into account and prevented in the PingPal service by the Encryption Manager release coming soon.

The entire report can be downloaded at Marble Security website (pdf).

PingPal on Top Tech20 list

Vinnarna Tech20.140604

PingPal awarded Top Tech20!

Sweden’s best technology companies in the incubators in 2014 crowned

Here are the winning companies on Almi Tech20 list. The Tech20 list crowns Sweden’s 20 best technology companies out of 800 in the Swedish incubators in 2014. Several of the young startup companies have a chance to become a new Swedish export success. The winning companies have developed everything from analysis of abdominal fat, secure communication and positioning, a new indoor navigation technology to water recycling systems.

For a company to make it on the Tech 20 list:

  • Develop a unique product or service with great international potential and have provided that completely transform their business or create new markets
  • Solving a large customer problems
  • Have a business idea based on an innovative technology
  • Be enrolled in one of Swedish incubators, a so-called incubator companies


The news flash on the ALMI site:
The news flash on NyTeknik:

App developers, this app feature will get you dates

PingPal Ephemeral messaging is like a natural chat

Feeling romantic? Are you really romantic? You know, being romantic will get you dates!

Being romantic is about relevancy and timing, just as mobile marketing. You must be considerate, imaginative and surprising. Imagine if there was an app for that…

In fact mobile apps can give you that timing. The problem is that timing often means going on inspiration. For instance you just realize that the person of your emerging interest is having his/her birthday. Today! Well surprise him/her with some flowers or a gift. You have the mobile phone so place an order.

Now here comes the catch of mCommerce of today. You can order but where do they deliver? Worst case, they will deliver to your address another day, IF you stay home and wait for the delivery, otherwise go to a pick-up. If they have a good service they will deliver to your office in just an hour or two. But, what if you are out on After Work when you get the news and idea? Sure, you can run down the street looking for a flower shop just hoping that your party will stay at the bar and not leave for another bar.

Now imagine an app with this extra feature; same old online order and payment as any mCommerce app but with the addition of temporary position sharing with the delivery guy. You know, Uber for flower shopping. Easily done with an app based on PingPal.

Check out this use case

And sign up here to start your Uber-flower-app project. Won’t cost you anything until you take the world with storm.

Mobile Apps 2.0

It is soon that time of year again. It’s the mobile Christmas Time, or Mobile World Congress in Barcelona.  Apple Santa, Samsung Santa, Sony Santa and a hundred more Santa will launch their new toys, new gadgets, new cell phones ad new apps. I wonder how revolutionary it will be this year? One thing is sure and that is that the mobile evolution isn’t stopping.

But, not only the devices themselves are evolving. The actual definition of what an app is changes and matures. Very much like we saw in the development of web 2.0 a few years back. An early web page was a static online catalog thing where business showed their offering. With 2.0 the web became an integral part of the marketing & sales process. Sometimes it became the actual service offering itself.

In the same way I believe that apps will change. From being toys, media subscriptions, communication tools, social sharing, etc, they will become an integral part of all other products and service offerings.

You will control your car or house through it. Extensions included in the purchase of the car and heating systems.

You will order a drink in the bar through it. Even pre-order if you are really thirsty and still on your way. 

You will buy mobile goods with mobile delivery to where you are and not to your home address. Hungry? And you only brought wine to the picnic? No problem, just order a picnic basket delivered to the blanket.

You will have the tour guide (the person, not the book) in your pocket when travelling abroad. You got that when you booked the ticket.

Just a few loose ideas emerging today as products and product extensions where I am sure that future entrepreneurs will take things much longer than we can imagine today.

The phone will be your personal hub and assistant that integrates with all your other products and offerings. It’s your, key, house thermostat, wallet, driver assistant, sound control, training assistant, doctor, and so on.

In analogy with web 2.0 I’d like to call this Mobile Apps 2.0. The day in the very near future when the mobile stops being a device or a channel and becomes an extension of everything else.

Interesting things to think about. But one thing is clear;  all these abilities are based upon computing power, solid communication  that works everywhere, platform independence, cloud storage and full 110%& privacy protection.

ephemeral messaging by PingPal

Why We Love Ephemeral Messaging (And You Should, Too!)

The need to be forgotten is strong. People want to share their whims with friends but not with everyone. This has been clearly proven with the emergence of messaging services that forget, a market driven by the intense popularity of Snapchat. It seems like everyone’s making an app or adding self-destructing messages these days, partly driven by the increasing user awareness of privacy in the ongoing NSA snooping affair. The best way to protect your information is to have no stored information to protect.

PingPal Ephemeral messaging is like a natural chat

Ephemeral messaging is like a natural chat, but long distance

Person to person communication is ephemeral in its nature

The change is not only about privacy, it’s a change in behavior. People act and share differently when they know that a photo or video will live forever. It has a tendency to be about creating a statement or a fictive persona. People publish images that are an Instagram filtered version of their reality.

Ephemeral messaging, knowing that your message or image will be gone in a moment, creates a room for more intimacy than for instance Facebook can offer. You can share your unfiltered opinions and worries with your best friend like if you had been on a tête-a-tête even though you are miles away.

Mobile employees need to communicate “off-the-record”

ephemeral messaging by PingPalEphemeral messaging services are also gaining traction in the enterprise arena with early interest from for instance hospitals, elderly care, police departments and financial institutions. This probably relates to the growing “bring your own device” (BYOD) trend, where many businesses are moving away from forcing employees to carry company-owned handsets, laptops and tablets while still needing to bring their data and communication into the field in a secure and controlled manor.

In a world of increasing corporate espionage and hacker intrusions it will be a necessity for many big corporations and governments that conversations are off-the-record and stolen or lost devices doesn’t contain any important data.

PingPal is the ephemeral communication API

The PingPal platform is designed for the ephemeral communication paradigm of evaporating data. This goes for any type of data; text messaging, positioning, corporate data synchronization, etc. The communication passes from user to user and is only stored on our servers in a queue when the receiver is off-line. As soon as he is online again the queue is emptied into the receiver app.

PingPal direct communication apps

With PingPal you can develop ephemeral messaging apps with privacy protected direct user-to-user communication

As a developer you can of course create your own history features by storing the messages in a database, but we strongly recommend to keep that database away from servers to maintain high privacy protection. Usually we believe it would be enough to keep history lists on the sender and receiver devices. The communication history is only their business so it should be kept like that for no-one else to read.

In the ephemeral concept there is usually a disposable messaging feature to self-destruct the messages. This is supported on the PingPal service by having a time stamp on all messages. This can be used to create a time based auto-delete function, similar to Snapchat, or in accordance with corporate policies on data storing. For instance, it is quite easy to implement an auto-delete to clear all local device messages upon closing a project or when an employee leaves the company and brings his device with him.

Interested in creating an ephemeral messaging app that rival Snapchat? Or creating a mobile workforce solution with in-the-field communication? Contact us directly and you will have the opportunity to discuss the technology, possibilities and implementation strategies with one of our gurus. It’s just your data traffic that is ephemeral, not your possibilities.

PS. Thank you NSA et al, for creating this market for us!

See also this presentation on SlideShare:

Snapchat and PingPal messaging are two sides of the same coin

Snapchat and PingPal messaging actually shares a common philosophy and technical ideas. We both protects privacy by simply not storing anything on the server. But it’s not completely bullet proof. To quote Snapchat:

Snaps are deleted from our servers after they are opened by their recipients. So what happens to them before they are opened? Most of Snapchat’s infrastructure is hosted on Google’s cloud computing service, App Engine. Most of our data, including unopened Snaps, are kept in App Engine’s datastore until they are deleted.

Is Snapchat capable of retrieving unopened Snaps from the datastore? Yes—if we couldn’t retrieve Snaps from the datastore, we wouldn’t be able to deliver them to their recipients desired by the sender.

Do we manually retrieve and look at Snaps under ordinary circumstances? No. The ordinary process of sending Snaps to their recipient(s) is automated.

So what is a circumstance when we might manually retrieve a Snap, assuming it is still unopened? For example, there are times when we, like other electronic communication service providers, are permitted and sometimes compelled by law to access and disclose information. For example, if we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers, a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency. 

PingPal works in the same way. Messages are queued on our platform until retrieved by the receiving app, then they are deleted. We are abiding to similar laws as ECPA that require us to share messages with law enforcement agencies upon request. And we could, if required, read messages, even though that is something we are working on.

So the same proven methodology / technology that Snapchat uses are available through PingPal for ANY and EVERY app!

phones-pingpalWhy settle for something less privacy protected for your users? We use the same mechanisms for our Positioning Dialogs™. Position questions and answers are directly relayed between two users. If the connection is lost it will be queued in the same way as any message, and most importantly; positions are never stored on our servers. No one can use our service to track you, or your kids, or whatever, unless they are a government agency that are tracking carrier cell information. We have no historical data that can be used to track anyone, just maybe a position reply that happens to be in a queue for the moment.

As an app developer however you can choose to implement PingPal positioning in a tracking feature where you store historical data locally in the handsets to protect privacy. If that is of less importance in your specific app then tracking data can of course be stored in a database on a server, and you will have a solution that resembles other available services out there. But then again you will lose the privacy protection possible with PingPal. Very much like if you start screen capturing Snapchat pictures or develop an app that bypasses Snapchat delete mechanisms you lose the Snapchat privacy protection and the whole purpose of the app.

If you are interested in Snapchat and ephemeral messaging we recommend by Jason Gonsalves. A very interesting analysis indeed.

PingPal Location Manager now released

Introducing the award winning privacy protected positioning technology for every app developer.

The PingPal Location Manager and SDK enables app developers to implement positioning dialogs in their apps.You ask your friend where he is and his phone gives his position. As simple as that. Two lines of code. No tracking. No databases. Complete Privacy Protection.

We have now released the SDK’s for iOS and JavaScript. Downloads here and documentation here. The Android SDK is due early next year together with the OutBox and User Manager SDKs.

In the following video we highlight some abilities and app possibilities with our  positioning dialogs. The example show features for an outdoor type of app, but are of course equally applicable to any kind of location based app.

In this next video we showcase what our team did at a 24h hackathon using our platform; a web and iPhone based taxi order – dispatch – communication solution, inspired by Uber.

Win $12000 worth of PingPal service at Location Day!

Petter Palander of PinMeTo is a guy with visions, but I doubt that he knew what he started when he came up with the Location Day idea. We both know that there is a cluster of location related companies in the Øresund region, but that the need to meet and compete was so great came as a big surprise.

When we heard about it we also saw this as a great opportunity to launch our newly awarded positioning technology. The exact SDK contents will be released at the event. It will be a simplistic first version but fully functional and most importantly simple to implement in the hacks.

We are so excited by this event that we decided to add some spice to it. PingPal will give one year of free traffic on the PingPal service, value up to US$12 000, for the best hack based om PingPal API and SDKs! So join in, use our stuff and make us pay! 🙂


Here’s Petters presentation of the event. More info and sign up here:

The very short history

Location Day was born on a Sunday night, November 3rd, as a day with the focus location, location, location. Two days later, it was publicly known as Location Day, with 100+ attendees. We had 17 of the foremost speakers on the topic and entrepreneurs on location services in Sweden confirmed, and they all do it all pro bono. Not only that, 50 % of the speakers are women.

The event

A day and night everything location. Location has become one of the fundamental layer of the web. We’re using location for tracking where we move, to explore new cities, tagging our tweets, status updates, photos and videos. We can add location to every move we do on the web, and we’re already doing it.

It’s exciting times of location based services and it’s exciting times for anyone interested in it. We want to give you a day filled with inspiration and knowledge about location; where we are now and were we might be heading and how it affects us all.

We’ll have entrepreneurs talking about how they’re using location in their products and services and we’re bringing you some of the most knowledgeable people on the topics location + quantified self / exploration / service layer / city planning.

So basically, clear your calendar on the 6th and 7th of December and make sure to come to Malmö. The day will continue into a night of hacking, where the theme is… location of course. More details to be announced, but one thing is sure – you don’t want to miss this.

Confirmed speakers & panelists:

Maria Gustafsson : GeekGirl & founder of #WebCoast

Joakim Jardenberg : Internaut and netizen

Alexandra Bylund : founder of Foap

Anders Mildner : journalist, author

Heidi Harman : founder of GeekGirls, Runalong

Måns Adler : founder of Bambuser

Maria Hägglöf : co-founder of

Linus Olsson : founder Flattr &

Gitta Wilén : digital storyteller

Jan Erik Solem : founder of Polar Rose

Sofia Eleonora Franzén : founder of Owegoo

Fredrik Davidsson : Teknograd!

Angelica Vargas : co-founder Everplaces

Johan Brissmyr : co-founder Userbin

Sandra Jakob : Nyhetschef Helsingborgs Dagblad

Sebastian Wallin : co-founder Userbin

Michael Nilsson : co-creator of Everymote

Karin Bäcklund : Social Media Strategist at Schibsted Media Group

Andreas Krohn : founder of & Nordic APIs

Pernilla Näsfors, World Bank

Sergio Alvarez Leiva, founder of CartoDB

Craig Taverner, founder AmanziTel, GIS expert at Neo Technology

Want your own WhatsApp messenger app?

Do you have that chat app idea that will disrupt the messaging app market? Or just need a chat feature in your app or service? Do we have the solution for you!

The Apptimate communication platform has all that necessary technology that’s so hard and costly to develop; user management, user groups, queuing, authentication, secure message delivery, fail-safe Quality of Service, privacy protection, etc, etc. Everything included in the service and SDKs, free to download and implement.

Build on our group chat and positioning app PingPal Messenger. Available on GitHub for iOS and Android. Go ahead, examine, compile, test, be inspired, fork, implement and disrupt your market!



To make it even simpler, we also have a smaller GitHub project, simpleChat for iOS, with source code as a fully working but simple app example. Some functionality just to give you a starting point:

  • User signup with Facebook account, but it’s not Facebook messenger service, it’s live Apptimate service
  • one to one live chat
  • register apple push certificate to use push notification

Go ahead; download, examine, compile, test, be inspired, fork, implement and disrupt your market!

Some screen shots:

simpleChat users screen simpleChat screen simpleChat dialog

Why positioning is more and less than check-ins

Andy climbingKnowing where friends and loved ones are is a basic human need. But is broadcasting your whereabouts to the world really a necessity?

The ideas behind the PingPal positioning technology came to us one day when we got separated in the ski slopes. I just wanted to know where Andy was, if he had crashed and needed medical assistance, gone to the après-ski or simply didn’t here me calling him. In fact he was completely soaked in untouched powder and too busy answering the phone. And he was too busy to call me and share 🙁

Well, of course I didn’t want this to happen to me again so at the bar later that night we said, working in the mobile industry for many years, “there’s an app for that!”. I think we downloaded and tried them all, but none could fulfill our basic need of simply communicate our position and display it on a map of the mountains.

Everything with Google Maps or Apple Maps was just a big laugh; online maps on the mountains with no 3G? How cool is a position pin on a blank screen waiting for a map?

Foursquare or Latitude location check-ins? While skiing? “Hmmm, this is a really cool run knee deep in powder, maybe I should stop and check-in?” Think not!

GPS position trackers? Why send and store a lot of positions in a database? It would have been interesting to see where Andy had been, but the trade-off is too big with constantly activating the phone GPS, one of the biggest power consumers and battery drainers in the device. Also, tracking means sending data at intervals, and with no 3G available and long distance to the base stations this also consumes a lot of battery. Andy’s phone would get completely drained for really no reason.

I simply wanted his position in a message or something when I wanted it! Without him having to answer the phone since he was to busy to hear it. A very simple bit of communication.

We realized that this basic need is a very common need that you would like to incorporate in any communication between two people. In any app.

Despite a lot (and I mean A LOT!) of developments and experimenting in the geopositioning field everything seams so over-complicated.

Foursquare Pins and Tattoos - SXSW 2010I just read a great piece on TechCrunch by Natasha Lomas where she shares a lot of insight in something I’ve tried and never really understood: Proximity Location Based Social Networks. I’ve followed the hyped services and enthusiastic blogs but never seen it as anything but niche applications. Finding close by people that roughly shares the same interest? Awesome when I’m selling at a show or out scouting for ideas at a convention but then what? Why the hype?

She also discuss the check-in fatigue that is hitting Foursquare, Google Latitude etc., and I must confess that I’m one of them. Since I love maps and geo data, especially while travelling, I was an early adopter, but also an early leaver. Simply boring services where I just can’t remember to check-in, since that is not my need. I’m not interested in becoming a mayor of something, if it is not for real. I’m not interested in shouting my whereabouts to the world. That’s geolocation spamming!

If you have any interest in what’s going on in the location business read the post by Natsha!

OnTheFlea First Customer App on PingPal


July 10, 2013

Full press release in Swedish – English (PDF)

There are many challenges in developing mobile apps today. For instance if the app use maps it cannot be used without good Internet connection and privacy concerns are a hot topic in the news today. With PingPals rapidly developing cloud services, web and app developers can build services that make use of maps in offline mode and can also ensure the user full privacy without the possibility of tracking or listening in on conversations.

ontheflea-on-iphoneFirst to run PingPals cloud service is the fast growing Virtual Flea Market app OnTheFlea, which attracts a large number of users all over Sweden.

“Using PingPals technology for future versions of OnTheFlea is extremely exciting for us,” says Mikael Drene, Marketing OnTheFlea.

“PingPal gives us the opportunity to quickly and at a low cost develop our functionality. The technology makes it easy to launch new exciting features on all of our platforms: iPhone, Android and Web – so that we can focus on quickly building up OnTheFlea service to a leading marketplace for used goods. “

PingPal offers unique privacy protected positioning, best described as a dialogue between two devices – where a position only can be requested by an authorized contact. The positioning information is transferred directly between the two user devices and not stored on any servers, and since the positioning is only performed when requested for, it saves a lot of battery and data traffic.

The same privacy protected technology is also used in the chat and Voice over IP modules included in PingPal.

Another major advantage of PingPal is the ability to use offline maps, which is particularly well suited for outdoor, sports, events or tourism apps in which the user often moves outside ideal mobile coverage.

“Today neither Google Maps nor Apple Maps allows developers to work with offline maps for licensing reasons. This is an important feature for many types of apps where for instance the rugged terrain only has 2G/GPRS coverage or at overcrowded events where the mobile network gets overloaded. The network capacity is simply not enough to show an online map and all you get is a map pin on a blank screen. Not a good user experience. PingPal also minimizes data traffic making it perfect for travelling abroad to countries where roaming charges apply, “explains Fredrik Beckman, CEO of PingPal.

PingPals cloud services for developers of mobile apps has now been opened to public beta for specially invited apps and app developers.

About OnTheFlea

OnTheFlea is a flea market app where the user easily and cheaply can sell everything that he or she no longer needs. If you are out shopping you can check what’s on sale close by on a map. Or in a place you are heading to. Like a flea market without tables. Ads cost from a few Swedish Kronor and takes under a minute to post. OnTheFlea is available for Android phones on Google Play Store and iPhone on Apple Store. Read more at (in Swedish).

App Business Status 2013

What’s the current status of the mobile app business? Everyone knows it is booming, but what’s it really like? Is there still time to start your own app development company? The global mobile applications business is expected to make $25 billion in revenue this year, up 62% from a year ago, according to Gartner.

There’s also a million apps to choose from: Apple app store now has about 800,000 iPhone apps, compared with 700,000 Android apps on Google Play, 125,000 on Windows and 70,000 for Amazon.

Speed and innovation is essential to succeed. About 63% of the apps used daily now differ from those used daily a year ago. Our attention span is so short these days – and the competition is so fierce – that we soon move on to the latest and greatest app.

Free remains king in app stores

Free is sweet but developers still has to live so everyone is trying to invent (or copy) ways to monetize. The two most common models are ads and freemium where you first get to try but will have to pay for full feature sets.

The prices are higher in the Apple store compared with Google’s, where the apps are far more likely to be free. At the end of 2012, the average price paid for an app in the Apple store was $3.18 on an iPhone and $4.44 on an iPad, according to Distimo. That compares with an average price of $3.06 in the Google Play store. Those two stores represent about 87% of U.S. smartphone users, according to comScore.

The growth will be local

For high-profile apps such as Facebook or Google Maps the demand is global and these apps easily penetrate local markets. For other apps — like a taxi booking, cinema schedules or restaurant reservation apps — what works with US consumers will not work in the local business environment or culture in a European or Asian city.

Different language, culture, business environment, promotional channels, regulations, brands and local consumer behavior will mean that many apps will need adaptation to penetrate local markets. It also means that much local app demand is currently under-supplied. Global demand for top-seller apps will dominate downloads in most regions, but at the same time, regional demand for localized apps will drive the next 10 million apps.

So there’s still plenty of room for entrepreneurs starting their own app business!

85% of Mobile Users Favor Apps Over Mobile Web

Iced tea at Georgia's, version 2When developing a mobile marketing strategy there are two technology paths to consider and evaluate. Should your app idea be implemented as a mobile web solution or as a native mobile app?

Mobile web solutions are generally speaking simpler and cheaper to implemented especially if you want to address users with both iPhone, Android, Windows Phone, etc phones. But now there is some new solid data to consider in your marketing campaign ROI; consumers globally prefer mobile apps over mobile websites, according to a Compuware Corporation global study of consumer mobile application expectations and experiences.

When asked about the benefits of using a mobile app vs. a mobile website (a website that is specifically designed to be viewed on a mobile device), 85 percent of survey respondents preferred mobile apps over mobile websites, primarily because apps are more convenient, faster and easier to navigate.

Mobile applications are thought to make life easier by streamlining calendars and grocery lists, offering entertainment while in line and making it easy to collaborate with co-workers. Consumers now associate apps with banking, paying bills, shopping, booking hotels and travel, as well as with staying productive and connected with both home and office tasks.

The survey of more than 3,500 global respondents sought to answer what consumers really need and want when it comes to mobile applications. Consumers want apps that push out personalized content as well as offers and perks based on their interests, while providing the ability to share offers, news and product recommendations virally on their social networks.

However, bad mobile app experiences will likely also be shared virally, which can result in poor reviews and low ratings that can impact adoption numbers. A poor mobile app experience is also likely to discourage users from using that app again.

“With consumers expecting greater experiences with mobile apps now more than ever, fulfilling those expectations doesn’t just happen — it takes a conscious effort throughout every stage of the design and development process to get it right,” said Stephen Pierzchala, Technology Strategist, Compuware APM Center of Excellence. “Performance is a crucial contributor to providing a dependable mobile app user experience, so performance should be considered a key driver in the design process. Mobile applications need to focus on a core utility, and they need to be fast and reliable in order to be valuable.”

Download the full report from Compuware

Branded Apps for Marketing is Starting to Outcompete Traditional Advertising

Branded app for marketingThe largest TV commercial event is approaching, the Super Bowl XLVII. Major brands will spend tens of millions of dollars to show off. But one major retailer, Target, will watch from home this year. They have used a fraction of that budget to develop a quite simple mobile game instead, “Snack Bowl”.

“Snack Bowl is a fun, new way for Target to engage with our mobile guests as they think about planning a great game-day party,” said Phil McKoy, vice president,

The virtual game invites players to throw branded snacks towards party guests as they move around the living room. Participants can compete to enter the game’s “Hall Of Fame” and see their worldwide ranking online and are being encouraged to share their scores/rank on Facebook. Snack Bowl will appear on Target’s mobile site home page until Feb. 9, according to the company’s blog. The game will also be featured on Target’s branded app for iPhone and Android over the next three weeks.

From a marketing perspective, the game reminds consumers that they can buy Super Bowl goodies appearing in the mobile game—Coke Zero, Ritz Crackers, etc.—at their local Target.

The Snack Bowl app underscores the brand’s strong focus on mobile marketing.