Web browsers

Auto Added by WPeMatico

Opera and the firm short-selling its stock (alleging Africa fintech abuses) weigh in

Internet services company Opera has come under a short-sell assault based on allegations of predatory lending practices by its fintech products in Africa.

Hindenburg Research issued a report claiming (among other things) that Opera’s finance products in Nigeria and Kenya have run afoul of prudent consumer practices and Google Play Store rules for lending apps.

Hindenburg — which is based in NYC and managed by financial analyst Nate Anderson — went on to suggest Opera’s U.S. listed stock was grossly overvalued.

That’s a primer on the key info, though there are several additional shades of the who, why, and where of this story to break down, before getting to what Opera and Hindenburg had to say.

A good start is Opera’s ownership and scope. Founded in Norway, the company is an internet services provider, largely centered around its Opera browser.

Opera was acquired in 2016 for $600 million by a consortium of Chinese investors, led by current Opera CEO Yahui Zhou.

Two years later, Opera went public in an IPO on NASDAQ, where its shares currently trade.

Web Broswers Africa 2019 Opera

Though Opera’s web platform isn’t widely used in the U.S. — where it has less than 1% of the browser market — it has been number-one in Africa, and more recently a distant second to Chrome, according to StatCounter.

On the back of its browser popularity, Opera went on an African venture-spree in 2019, introducing a suite of products and startup verticals in Nigeria and Kenya, with intent to scale more broadly across the continent.

In Nigeria these include motorcycle ride-hail service ORide and delivery app OFood.

Central to these services are Opera’s fintech apps: OPay in Nigeria and OKash and Opesa in Kenya — which offer payment and lending options.

Fintech focused VC and startups have been at the center of a decade long tech-boom in several core economies in Africa, namely Kenya and Nigeria.

In 2019 Opera led a wave of Chinese VC in African fintech, including $170 million in two rounds to its OPay payments service in Nigeria.

Opera’s fintech products in Africa (as well as Opera’s Cashbean in India) are at the core of Hindenburg Research’s brief and short-sell position. 

The crux of the Hindenburg report is that due to the declining market-share of its browser business, Opera has pivoted to products generating revenue from predatory short-term loans in Africa and India at interest rates of 365 to 876%, so Hindenburg claims.

The firm’s reporting goes on to claim Opera’s payment products in Nigeria and Kenya are afoul of Google rules.

“Opera’s short-term loan business appears to be…in violation of the Google Play Store’s policies on short-term and misleading lending apps…we think this entire line of business is at risk of…being severely curtailed when Google notices and ultimately takes corrective action,” the report says.

Based on this, Hindenburg suggested Opera’s stock should trade at around $2.50, around a 70% discount to Opera’s $9 share-price before the report was released on January 16.

Hindenburg also disclosed the firm would short Opera.

Founder Nate Anderson confirmed to TechCrunch Hindenburg continues to hold short positions in Opera’s stock — which means the firm could benefit financially from declines in Opera’s share value. The company’s stock dropped some 18% the day the report was published.

On motivations for the brief, “Technology has catalyzed numerous positive changes in Africa, but we do not think this is one of them,” he said.

“This report identified issues relating to one company, but what we think will soon become apparent is that in the absence of effective local regulation, predatory lending is becoming pervasive across Africa and Asia…proliferated via mobile apps,” Anderson added.

While the bulk of Hindenburg’s critique was centered on Opera, Anderson also took aim at Google.

“Google has become the primary facilitator of these predatory lending apps by virtue of Android’s dominance in these markets. Ultimately, our hope is that Google steps up and addresses the bigger issue here,” he said.

TechCrunch has an open inquiry into Google on the matter. In the meantime, Opera’s apps in Nigeria and Kenya are still available on GooglePlay, according to Opera and a cursory browse of the site.

For its part, Opera issued a rebuttal to Hindenburg and offered some input to TechCrunch through a spokesperson.

In a company statement opera said, “We have carefully reviewed the report published by the short seller and the accusations it put forward, and our conclusion is very clear: the report contains unsubstantiated statements, numerous errors, and misleading conclusions regarding our business and events related to Opera.”

Opera added it had proper banking licenses in Kenyan or Nigeria. “We believe we are in compliance with all local regulations,” said a spokesperson.

TechCrunch asked Hindenburg’s Nate Anderson if the firm had contacted local regulators related to its allegations. “We reached out to the Kenyan DCI three times before publication and have not heard back,” he said.

As it pertains to Africa’s startup scene, there’ll be several things to follow surrounding the Opera, Hindenburg affair.

The first is how it may impact Opera’s business moves in Africa. The company is engaged in competition with other startups across payments, ride-hail, and several other verticals in Nigeria and Kenya. Being accused of predatory lending, depending on where things go (or don’t) with the Hindenburg allegations, could put a dent in brand-equity.

There’s also the open question of if/how Google and regulators in Kenya and Nigeria could respond. Contrary to some perceptions, fintech regulation isn’t non-existent in both countries, neither are regulators totally ineffective.

Kenya passed a new data-privacy law in November and Nigeria recently established guidelines for mobile-money banking licenses in the country, after a lengthy Central Bank review of best digital finance practices.

Nigerian regulators demonstrated they are no pushovers with foreign entities, when they slapped a $3.9 billion fine on MTN over a regulatory breach in 2015 and threatened to eject the South African mobile-operator from the country.

As for short-sellers in African tech, they are a relatively new thing, largely because there are so few startups that have gone on to IPO.

In 2019, Citron Research head and activist short-seller Andrew Left — notable for shorting Lyft and Tesla — took short positions in African e-commerce company Jumia, after dropping a report accusing the company of securities fraud. Jumia’s share-price plummeted over 50% and has only recently begun to recover.

As of Wednesday, there were signs Opera may be shaking off Hindenburg’s report — at least in the market — as the company’s shares had rebounded to $7.35.

Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers Richard Zhu and Amat Cam, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the most simple terms, a JIT, or just-in-time bug, bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

That’s a wrap! Congrats to @fluoroacetate on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo. pic.twitter.com/Q7Fd7vuEoJ

— Zero Day Initiative (@thezdi) March 22, 2019

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and  featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program