Monthly Archives: August 2014

DrinkMate Is A Tiny, Plug-In Breathalyzer For Android Devices

Devices that plug into smartphones to augment the built-in sensors with additional smarts are continuing to make their way to market, many fueled by crowdfunding. Here’s another contender aiming to extend the capability of Android smartphones: a teeny breathalyzer called DrinkMate, currently seeking $40,000 on Kickstarter to make it to market by December.

The 1.8-inch long device is designed to plug into a powered Micro-USB port and, when used in conjunction with its companion app, displays a blood alcohol content (BAC) rating after the user has breathed over its semiconductor-based sensor. DrinkMate does not require a mouthpiece; the user just blows into an air inlet, which helps keep the design compact and the device hygienic.

We’ve seen smartphone breathalyzers before, such as the hefty Alcohoot for iPhones, which we covered last year. But the DrinkMate is a lot smaller and a lot cheaper, following a Moore’s Law trajectory.

It also claims to be able to deliver on the accuracy front — which is obviously the key aspect here, and a claim that remains to be tested given this is still a prototype — claiming BAC measurement levels at an accuracy of +/- 0.01% BAC at a BAC of 0.02%. DrinkMate’s sensor maxes out at 0.20% BAC but if you’re that drunk you’re unlikely to be compos mentis enough to use this gadget, let alone find your car keys.

In addition to accuracy levels, it remains to be seen how DrinkMate’s performance holds up in rugged, real world environments when the drinks are flowing and users may not be following best practice testing procedure. A savvy companion app that steps users around potential pitfalls, such as by ensuring they wait long enough after their last drink to avoid an inaccurate rating (based on alcohol in the mouth), is going to be required to avoid misleading readings.

DrinkMate’s Washington, DC based makers say the basic idea behind the device is to generate a visible, shareable BAC rating as a way to pile more peer pressure on groups of drinkers so they keep each other safe. That’s a laudable aim, but there is of course a risk of encouraging opposing behavior — so again the tone of the app is important. The current app designs are pretty basic but the makers say they are adding more features weekly.

While ever more mainstream interest sensors, from location sensors to motion/health focused hardware, are being embedded into phones, more specialist and/or targeted sensor hardware — such as the DrinkMate’s BAC analyzer — is something that makes sense as a smartphone supplement.

Bottom line: not everyone is going to want or need this type of sensor embedded in their phone but there will be people who see value in having various specialized gizmos hanging off their keyring which, after being plugged in, extend the utility of their mobile device. (Or indeed which they wear on their person and connect to their mobile via Bluetooth.)

Price wise the DrinkMate is currently being offered to Kickstarter backers starting at $25.

The hardware is guaranteed compatible (tested) with the following Android devices:

  • Samsung Galaxy S3, S4, and S5
  • Samsung Galaxy Note 3
  • HTC One
  • Motorola Moto X
  • Asus Transformer Prime, Infinity

The makers say they are planning an iPhone version but only if their Kickstarter campaign for the Android version is successful.

At the time of writing they have raised just over half of their $40,000 target with another 25 days left to run.



Via: techcrunch

Snapchat Steps On Twitter’s Toes, Lets You Follow Remote Events Live

Snapchat has just updated its app with a brand new Live section that will incorporate Our Story into everyone’s feed, regardless of location. Our Story is a Snapchat product that lets users contribute snaps to a single Story (or, thread of snaps) from a single event.

The product first launched back at Electronic Daisy Carnival, and then went on to Rio, Outside Lands, and Lollapalooza. The reaction was great and users contributed over 350 hours of snaps over the course of those events.

Today, the feature is going Live (if you will) for all users, letting them “experience Stories contributed by the Snapchat community at all sorts of events […] around the world,” according to the official blog post.

It’s unclear how events will be chosen to be a part of Snapchat’s new Live “Our Story” section, or whether or not this will one day act as a revenue stream for Snapchat. It’s not hard to imagine music festivals, sporting events, concert tours, colleges, or other ‘location-based communities’ paying for access to a marketing channel like Snapchat’s main feed page.

We’ve reached out to Snapchat for more clarity on just how the company plans to select various events, but for now you can update the app to take a look at the new “Live” section. It can be found under Recent Updates.


Via: techcrunch

Dairy Queen Latest Retailer To Report Hack

Dairy Queen is known for its hot fries and sweet treats, but it just made cyber history as the latest victim of a hack attack. The fast food chain has revealed that customer data at some of its stores may be at risk.

According to Dairy Queen, the possible data breach is connected to the Backoff point-of-sale malware that raked Target through the coals last year. Target recently revealed the breach cost its shareholders $148 million, though there’s no indication that Dairy Queen was hit that hard.

“In addition to communicating with potentially affected franchised locations, credit card processors and credit card companies to gather relevant information, we immediately began cooperating with the authorities investigating this particular malware,” Dairy Queen said in a statement. “We continue to communicate with our franchisees and service providers regarding steps necessary to protect customer data and minimize any impact to our customers.”

Early Warning Signs

Brian Krebs of Krebs on Security was the first to see hints of the breach. On Aug. 14 he pointed to sources in the financial industry saying they were seeing signs that Dairy Queen may be the latest retail chain to fall victim to a cyberattack.

“I first began hearing reports of a possible card breach at Dairy Queen at least two weeks ago, but could find no corroborating signs of it — either by lurking in shadowy online ‘card shops’ or from talking with sources in the banking industry,” Krebs said.

“Over the past few days, however, I’ve heard from multiple financial institutions that say they’re dealing with a pattern of fraud on cards that were all recently used at various Dairy Queen locations in several states,” he added. “There are also indications that these same cards are being sold in the cybercrime underground.”

Protecting the End Points

We turned to Mike Davis, CTO at real-time endpoint threat protection firm CounterTack, to get his insights on the Dairy Queen breach. He told us the fact that franchisees are not required to tell the franchisor about security breaches illustrates how breach notification processes are weak not just in retail but in most industries.

“The franchisor brand is affected when a franchisee causes a security breach,” Davis said. “Franchisors should start requiring security controls of their franchisees above those required by PCI and third parties the franchisee may work with. The franchisor’s brand could be destroyed easily without better controls in place for franchisees.”

What’s more, without real-time insight into what processes and activities are occurring on franchisee point-of-sale systems, the time between a breach being detected and a security team knowing the impact is too great, Davis said.

“With ups and now downs, it seems the media knew about the impact of a breach before the companies did, and that is a real problem that can only be addressed by utilizing endpoint threat detection and response technology to know exactly what happened on what endpoints during an attack,” he added.


Via: toptechnews

Facebook Hosts First Hackathon For Female Veterans

There are dozens of hackathons in Silicon Valley every month, but on Monday Facebook hosted one with a twist. Rather than the college-aged brogrammers that usually dominate the coding marathons, female veterans were the only participants at the first Women Vets in Tech event.

About 30 female veterans participated in the hackathon, pitching a variety of ideas from Bohdi therapies, an app to provide therapy to vets suffering from anxiety, to Puppyness, a crowd-sourced app that would tell dog owners which restaurants and stores in their area are dog friendly.

This is the fourth Vets in Tech hackathon since it hosted its first in November 2012 at Adobe. The organization focuses on teaching veterans entrepreneurship skills and connecting them with tech companies as they return from active duty and search for employment. The Facebook hackathon was the first that was only for female engineers.

Starting the day at 7 a.m., the women veterans worked with Facebook engineers on developing business models and pitches for a panel presentation later that night with judges from Facebook, Y Combinator, Next World Capital and GE Ventures Healthcare.

Kristi Erickson, a clinical psychologist who has worked with veterans and who is a military veteran herself, took home first place in the competition with her proposal for a company that would create an app and a virtual reality simulator using technology such as Oculus to provide veterans with anxiety treatment.

As the winner of the competition, Erickson is now raising funds on Indiegogo. She also receives office space and lunch with Craig Hanson at Next World Capital.

In a phone interview with TechCrunch on Tuesday, Erickson said she realized the need for a service like Bohdi while talking with veterans who were frequently not completing their treatments for anxiety and post-traumatic stress disorder because the exposure treatments they were receiving were too painful and difficult. But knowing that 91 percent of patients who complete treatment have improved quality of life, Erickson wanted to find a way to help other veterans complete their treatment.

In her work, Erickson implements dialectical behavior therapy (DBT), which she says focuses on helping patients cope in real world situations. She said this therapy could be enhanced by creating an app patients could access on the go. In an example, she said a patient beginning to experience anxiety symptoms while walking through a crowded Walmart could pull out the app, which would then provide the patient with situational coping techniques. Patients could also practice these techniques in simulation exercises using virtual reality technology.

Erickson said she has been thinking about creating a company like Bohdi for almost a decade, but technology has just caught up with her vision.

Her project was enhanced at the hackathon when she was able to work with a veteran who had experience working with Air Force flight simulators and another veteran who worked with a nonprofit for homeless veterans.

“There’s just a great need right now for military service members to gain treatment,” she said. “We all know about the problems right now with the VA and access to care. If we can come up with these new ways to use technology we can reach more of the people who actually need the help.”

Facebook first became involved with the Vets in Tech initiative last year, when its own internal group of veteran employees connected with the group and started a veterans hackathon at the company’s headquarters. This year Vets in Tech came back to Facebook, asking them to host a hackathon specifically focused on female entrepreneurship.

Amanda Talbot, a Facebook Diversity Recruiting Strategist and veteran, said the number of veterans working at Facebook is increasing, although Facebook does not publicly disclose how many employees self-report as veterans.

“It’s a very active group,” she said. “We’re always looking to recruit more veterans to work here at Facebook.”

Another Facebook employee and veteran, Anthony Pompliano, was one of dozens of Facebook employees who came to offer technical advice to the female veterans. Pompliano, who had two startups after serving in the military, said it was important to give military veterans the confidence that they have the skill sets one needs to succeed in the tech sector.

“We hope people can leverage those skill sets rather than feel they’re at a disadvantage,” he said.

The dozens of veterans in attendance on Monday ranged in their technical abilities. Some just had experience in social media, while others were full stack developers. Vets in Tech founder Katherine Webster said it was important for Facebook to host an event like this because frequently companies underestimate the technical skills military veterans have. She said more resources should be devoted to accelerated programs that teach veterans these skills because they made sacrifices for their country rather than taking the traditional path and immediately spending four years in college.

“I’m so impressed with the quality of these women,” Webster said. “They’re just as smart as people at any hackathon, and on top of all that they fought for our country.”

Via: techcrunch

Dropbox Beefs Up Its Pro Feature Set, Now Offering 1TB Of Storage For $10/Month

In today’s cloud storage wars, most companies are defined by the amount of space their users get for the least amount of money. With new pricing and updates to its Pro offering, Dropbox is hoping to show that it can compete on price while also providing greater value to paying users through a number of new features they probably won’t find on other services.

Many Dropbox users start out as Basic users, but the company increasingly has been trying to get customers to upgrade and pay for storage. In 2011, the company launched Dropbox for Business, which has seen a fair amount of success in the years since. Dropbox says that it’s used within 4 million companies and 97 percent of Fortune 500 businesses, although not all of those companies are paying customers.

While enterprise customers can be a lucrative business, Dropbox sees a huge opportunity to get its Basic users to upgrade and pay for file storage through Dropbox Pro. Until today, those so-called “prosumers” were paying $10 a month for 100 GB of storage, but they had a feature set that was pretty similar to the company’s Basic offering.

Well that’s all changing. Dropbox is looking to offer Pro users a lot more storage and a lot more features than their Basic brethren, which it hopes will give a lot more people a reason to upgrade.

For starters, let’s talk about storage: Dropbox Pro now offers 10x the storage that users previously got, boosting available capacity for each of its users to 1 TB for $10 a month. By doing so, Dropbox is matching pricing for Google Drive, which lowered its prices for a TB of storage earlier in the spring. And it’s making its Pro service much cheaper than comparable cloud storage plans from Box and Microsoft OneDrive.

Update: When this was written, it was referring to Microsoft OneDrive pricing listed here, not Microsoft’s Office365 subscription prices. As readers have pointed out in the comments, such a subscription costs $6.99 a month and includes 1 TB of storage that can be connected with 1 Mac or PC, or $9.99 for 5 accounts with 1 TB each.

Dropbox isn’t just competing on price, however. The company hopes to capture users not only by lowering prices, but also by providing a more comprehensive feature set to users who entrust their files to its servers.

Already, the company had developed a fair amount of technology aimed at making use of its storage easier between devices. With seamless background syncing of files between its cloud services and devices, it ensures that users have online backups of all the content that is most important to them. It’s also done a fair amount of work to smartly sync files as they’re updated.

The new Dropbox Pro feature set is designed to give prosumers the flexibility they desire while maintaining the same general user experience that they’ve become used to. In doing so, Dropbox is mainly targeting creatives and independent professionals who rely on Dropbox for collaboration and sharing of files with partners and customers.

Some of the tools are aimed at giving Pro users more security features around the files in their Dropbox. That includes enabling users to add passwords for shared links, or set expiration dates that will take shared files down after a certain amount of time. Users will also be able to set view-only permissions to shared folders to ensure that their files aren’t messed with by people they’re shared with.

Another feature that is now available to Pro users is the ability to remotely wipe files from your Dropbox folder if your laptop happens to get lost or stolen. By doing so, any Dropbox files or folders that were connected to that device will no longer be accessible the next time that the computer, phone, or other device comes online. And if the device is recovered, users can easily reconnect it to their account.

Dropbox previously offered 200 GB for $20 a month and 500 GB for $50 a month, but with the increase in storage to 1 TB, it’s decided to drop those tiers. As a result, in the short term it could make slightly less money from users who paid a premium for their storage plans.

However, the company could easily make up the difference by increasing the number of Pro users who sign up. The combination of more storage and better features could help drive that adoption among a rapidly increasing user base.

Dropbox now has more than 300 million users signed up, which is an increase from 200 million users it hit nine months ago. Those users are also extremely active, saving more than a billion files to its cloud storage every day.

With a whole bunch of new funding, Dropbox will need to continue attracting new (paying) users to justify its $10 billion valuation. And offering up a lot more value at an extremely low price is one way to do that.



Via: techcrunch

Apple Patents Flexible Display Tech That Turns Screens Into Buttons, Microphones And More

Apple has a new patent granted by the USPTO today (via AppleInsider) that describes various control mechanisms that could be used with flexible displays, to replace components such as physical buttons with more durable and resilient alternatives, and to create alternate means for detecting sound output, providing haptic feedback and even performing other tricks like making it easier to open a MacBook lid.

The Apple patent describes various ways to use a flexible display for various input methods at length, pointing out ways that you can put flexible display material over actuators to create new buttons on-demand. It also provides methods for overlaying them on existing button features found in the iPhone, like the Home button, effectively providing access to it while still protecting it and providing a continuous surface for the user.

Using the flexible display over top of the buttons and switches has another benefit – it allows Apple to potentially extend screen space, making it possible to build all-display devices that can grow or reveal buttons when needed. These can take the form of actual physical buttons, too, as created by actuators used underneath the display layer to push up on the screen and create ridges or bumps. The effect would be sort of like what’s happening with the Tactus keyboard, which can produce a physical keyboard out of a flat, transparent display cover.

The ability to generate buttons from nowhere is a cool trick, and definitely useful for users who might have vision problems, but it’s possible the coolest trick here is actually the use of diaphragms integrated into the display that can be used either with a speaker to output sound, or to detect sound input by picking up vibrations in the flexible screen material.

While the patent overall seems geared at devices like the iPhone and iPad, since it’s all about saving space on mobile devices,


Via: techcrunch

PlayStation Network downed by DDoS attack, other gaming networks hit too

Millions of gamers were unable to access Sony’s PlayStation Network for what seemed to be the entirety of Sunday after it was crippled by a distributed denial-of-service (DDoS) attack, according to a Sunday post, which adds there is no evidence of a breach of personal information.

Other gaming networks also experienced similar problems at various points throughout the weekend, including Microsoft’s Xbox Live, which continued to have some issues on Monday, and Blizzard’s Additionally, developers of League of Legends and EVE Online took to their respective forums to discuss being targeted by DDoS attacks.

DDoS activity has been on the rise throughout 2014, according to various reports.

As it turns out, the methods used to carry out DDoS attacks against websites are virtually identical to those used to hit gaming networks such as the PlayStation Network and Xbox Live, Matthew Prince, CEO of CloudFlare, told in a Monday email correspondence, explaining that DDoS attacks are ultimately about overwhelming a resource with a large number of requests.

“I don’t know a lot about [PlayStation Network’s] or Xbox Live’s application design, but my hunch is it’s just based on typical web protocols and therefore would be vulnerable to the same application attacks that a website is; and even if it’s based on some custom application, since it is accessible over the internet, it wouldn’t be difficult to craft application level requests (Layer 7) that would affect it,” Prince said.

However, speaking specifically on the PlayStation Network, Prince speculated that it was downed by a volume-based Layer 3 attack – DNS reflection is an example of a Layer 3 DDoS attack – because of a Sunday tweet from John Smedley, president of Sony Online Entertainment, in which he wrote, “The problem is upstream of our network we have no control. So they are flooding the routes to us too. That’s how it works.”

Prince said, “These are very difficult problems to deal with, even for a large company like Sony. The challenge is that the biggest router that you can buy only has a 100Gbps port on it and Layer 3 attacks today can get much larger than that. The largest attacks we see now exceed 500Gbps.”

Also speaking on the PlayStation Network DDoS attack, Marc Gaffan, co-founder of Incapsula, told in a Monday email correspondence that a Layer 3 attack could have overwhelmed defensive measures that Sony had in place, or a Layer 7 attack could have gone on undetected.

Gaffan said identifying DDoS attacks is not necessarily an easy task, and added that “if the attack vector was undetectable by [a] DDoS mitigation solution that was already in place, it may have taken a long time to get an alternative solution up and running, or the attack may have just died down.”

Along the way on Sunday, the American Airlines flight carrying Smedley was diverted from San Diego to Phoenix for “security reasons,” Smedley posted on Twitter. Numerous follow-up photos and tweets posted by various Twitter users indicated passengers were being taken off the plane and luggage was being scanned.

The reason is likely due to a tweet directed at American Airlines by Lizard Squad, the group taking responsibility for the DDoS on the PlayStation Network, as well as some of the other aforementioned issues. The group tweeted, “We have been receiving reports that [Smedley’s] plane #362 from DFW to SAN has explosives on-board, please look into this.”


Via: scmagazine

Secret Service says “Backoff” malware hit 1000 businesses – 6 tips to keep your data safe

It now appears that the string of recent data breaches at US retail establishments was not a coincidence, but rather related attacks using the same malicious software kit.

In a security advisory from the US Secret Service dated 22 August 2014, obtained by the New York Times, the government said the malware known as Backoff has struck more than 1000 US companies since October 2013.

US government agencies including the Secret Service first publicly warned businesses of the Backoff malware in a bulletin on 31 July 2014, but only now is the extent of the malware’s reach becoming clear.

Backoff is a type of malware called a RAM scraper, because it steals clear-text payment card data out of RAM (Random Access Memory) on point-of-sale (PoS) computers.

The recent Secret Service bulletin doesn’t name any of the impacted businesses, but does say that seven PoS system providers have confirmed that they have had “multiple clients” infected with the Backoff malware:

Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the “Backoff” malware. Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1000 U.S. businesses are affected.

Even though the report doesn’t name any victims, you may have read speculation that Backoff is the same malware that turned up in Target’s breach, or that it is the malware behind recently-announced breaches such as the one at UPS Stores.

We’re not aware of any evidence to support either of those theories, but we’re not convinced that it really matters, anyway.

Your security goal should ideally be a defense-in-depth strategy that helps to protect against any and all malware, as well as against a range of other potential security problems.

Backoff – what it does

The cybercrooks behind the Backoff malware seem to have focused on poorly-secured systems, breaking in by means of remote access applications such as Microsoft Remote Desktop (RDP), Apple Remote Desktop and LogMeIn.

According to the US Computer Emergency Readiness Team (US-CERT), the criminals use publicly available tools to locate businesses that use these remote desktop tools and then simply guess at the necessary passwords to gain administrator access.

Then the criminals are able to deploy the Backoff malware, which scrapes the PoS system’s memory for payment data and sneaks it out of the infected network hidden in an encrypted web upload (an HTTP POST request) to servers controlled by the crooks.

Additionally, Backoff has a general purpose command-and-control (C&C) function that can also update the malware, uninstall it, or download yet more malware.

US-CERT’s alert says researchers have identified three primary variants of Backoff, which have been around since as far back as October 2013.

Since that time, Backoff has added keylogging functionality, which it can use to steal keystrokes such as passwords.

How to stay safe

US-CERT has updated its alert to advise businesses on ways to mitigate Backoff.

Naked Security writer and Sophos Senior Security Advisor Chester Wisniewski has some further advice:

Application control and network monitoring can help detect the presence of connections to these systems as well. Careful monitoring should be able to detect or prevent unexpected or unauthorized remote connection attempts.

Tips for businesses

  1. Segregate your networks. Shield your PoS computers from the all-purpose computers in your business.
  2. Limit the applications allowed on your PoS computers. Consider using Application Control to be notified if someone or something tries to install risky software on a cash register.
  3. If your anti-virus has a Live Protection service, make sure it is on and working. With a suitable firewall rule, your PoS computers can benefit from almost-instant updates when new threats emerge.
  4. Don’t ignore warning signs. Target failed to react to reports from its own IT support center that would probably have led to much earlier detection and remediation of its massive malware infestation.
  5. If your anti-virus has a Host Intrusion Prevention System (HIPS), use it on your PoS computers. Software behavior on a PoS system ought not to change without warning, so deviations are always worth blocking and investigating. (See also #2 and #4.)
  6. Review your remote access policies and procedures. Consider requiring the use of a Virtual Private Network (VPN) with two-factor authentication (2FA) support.



Via: Sophos

Microsoft jumps into NoSQL market with new Azure data store

Microsoft Azure DocumentDB offers NoSQL data storage as a service on Azure.

Jumping into the growing NoSQL market, Microsoft has debuted a simple data store through the Azure cloud hosting service.

The document database is well suited for organizations or startups that need a back-end database for storing data on a mobile or Web application, according to Vibhor Kapoor, Microsoft Azure product marketing manager, who introduced the service in a blog post Thursday.

The Azure DocumentDB service, now in preview, is the first NoSQL-styled document database from Microsoft. Azure also offers a number of other NoSQL databases from other vendors, including those from MongoDB, MongoLabs, Nodejitsu, Redis and RavenHQ.

In addition to providing basic document storage capabilities, the service also offers query processing and transaction semantics, two features usually found in relational database systems.

A number of NoSQL databases have sprung up over the past decade to address the need of storing and accessing large amounts of information very quickly, sometimes across multiple servers. Traditional SQL databases have been hard-pressed to scale to the sizes typically required for such work.

Microsoft also announced a number of other initiatives around its cloud service. It is offering the Bing search as a service that can be embedded within third-party applications. Apache HBase database software is now available within Azure’s Hadoop service. And Azure now offers over 300 virtual machine images pre-configured for a variety of tasks.



Via: computerworld

Four apps that give you free money

You use your smartphone obsessively anyway — might as well make some money while you’re at it.

When you take your phone to the bathroom (don’t lie, everybody does it), or when you’re standing in line fiddling with it at Starbucks, what are you doing? Are you checking email? Sending a SnapChat? Playing Words With Friends? Or are you using it to make money?

That’s right–you’re wasting precious time playing Candy Crush when you could be earning cold, hard cash! (For the purpose of this rhetorical question, using your phone for work email doesn’t count as making money.) Here are four free, awesome, easy-to-use apps that will pay you in cash–sometimes gift cards–just for using your phone in everyday situations. So what are you waiting for? The only thing stopping you from making money is the fact that you haven’t downloaded these apps yet.


Swagbucks is a popular online rebate site that asks its users to do a variety of tasks, like shopping online, taking surveys, voting in polls, watching videos, and searching the Web–to earn virtual currency, which can then be traded in for real currency. One “Swagbuck” equals approximately one cent, so you have to be a pretty dedicated user (Swagger?) to get money.

That’s where Swagbucks’ app (free; Android and iOS) comes in. The app lets you perform many smaller tasks, including voting in the daily poll (one Swagbuck per day), completing trial offers, and searching the web through Swagbucks’ search engine. You can also watch videos (every ten videos watched earns you a couple of Swagbucks), but you’ll need to download Swagbucks’ separate, also free, Swagbucks TV app to do so.

With the Swagbucks app, you can track your Swagbucks balance and redeem your winnings for gift card rewards. I prefer the $5 Amazon gift card reward, because you get more money for your (Swag)buck: It costs just 450 Swagbucks, instead of the usual 500. The app also lets you enter in Swagcodes, which are time-sensitive secret codes that the company posts to its social networks throughout the day. The app, like the Swagbucks browser add-on, also alerts you to when new Swagcodes have been posted–and Swagcodes are typically only valid for a few hours, so this is actually a very useful feature.

The Swagbucks app isn’t how you’ll earn the bulk of your Swagbucks: You’ll do that online, mainly by taking surveys and shopping through Swagbucks’ “shop and earn” program. However, the app is a great way to supplement your balance, since most of the in-app tasks take just a few seconds to perform.


Shopkick

I’m going to go out on a limb and make a crazy assumption: When you’re visiting a brick-and-mortar store, you almost always have your smartphone with you, right? Well, what if you could earn money (or rather, “kicks,” which are points you can redeem for gift cards) just by having your phone with you when you walk into a store?

Shopkick (free; Android and iOS) rewards you for shopping–and the great news is that you don’t even have to buy anything. There are three ways to earn kicks on Shopkick: By walking into stores, by scanning product barcodes with your phone, and by making actual purchases. Walking into a store will net you around 100 kicks, and scanning items will get you anywhere from 20 to 50 kicks.

Stores include popular mall staples like Macy’s, The Sports Authority, Target, and Best Buy, and products to scan include anything from bags of Ruffles potato chips to Clorox wipes. Scans are not store-specific, and scannable items are mostly brand-name home supplies, so you could possibly just go around your house scanning things if you really wanted to. (I certainly did.)

When you have enough kicks, you can exchange them in Shopkick’s rewards store for gift cards. A $5 Macy’s gift card costs around 1250 kicks, so one kick is a little under half a cent.


Ibotta

There are plenty of online rebate sites (such as Ebates and FatWallet), which reward you for shopping online. The way these sites work is by “referring” you to various outlets: You click on a link from their site to an online store you like, and the store rewards them with a kickback (a percentage of your purchase) in exchange for the referral. The rebate site then gives you a smaller kickback when you buy something, so you keep going through them to do your online shopping. The store gets free advertising, the rebate site gets money, and you get money–it’s a win-win-win situation.

Ibotta (free; Android and iOS) translates this win-win-win situation into the mobile/physical store realm…sort of. Here’s how it works: Ibotta offers rebates for things you purchase in a physical store. To get these rebates, you first have to unlock them using various methods, such as taking a poll, watching an informative video, or posting a Facebook status update about the product. (This is how the product-maker gets “free” advertising.) After you’ve unlocked a rebate, you can go purchase the product. Then, just take a picture of your receipt with Ibotta’s app, and your account will later be credited.

Seriously, it’s that easy. Ibotta’s offers are mostly store-specific, so you have to find the right product in the right store. Luckily, most of the products (and stores) are normal things you’d actually purchase without an incentive: Granola bars, cereal, milk, cleaning supplies, toiletries, clothing, and alcohol, to name a few. Some stores don’t even have product-specific offers–GNC, for example, will give you $5 if you upload a receipt that shows you spent $25 or more at their store.

Ibotta also offers bonuses, including “teamwork” bonuses. If you connect the app to Facebook, Ibotta will find all of your Facebook friends (who are using Ibotta and who have connected the app to Facebook) and place them on your team. When your team completes a challenge (such as uploading at least $10 worth of rebate receipts in a week), everyone on the team gets a bonus.

Ibotta pays you in cash, and most of the rebates are between $0.25 and $2. You can get paid via PayPal or Venmo (where you’ll get a $3 bonus), and there’s a $5 minimum to cash out.

Receipt Hog

Ibotta offers some of the heftiest rewards, but it’s also a lot of work: You have to unlock rebates, buy products, and then upload your receipts. But what if you could just skip the first two steps (which are the most work, anyway), and just upload photos of receipts? And get money for it?

Receipt Hog (free, Android and iOS) lets you do just that. It asks you to submit receipts from grocery stores or grocery-like stores (convenience stores, drug stores, dollar stores, pet stores, liquor stores, and supercenters) for market research purposes. (The company insists your data will remain anonymous.) Each receipt you submit will earn you coins, which you can then trade in for cash or Amazon gift cards.

The number of coins you earn depends on how much you spent: Receipts under $10 earn 5 coins, receipts from $10 to $50 earn 10 coins, receipts from $50 to $100 earn 15 coins, and receipts over $100 earn 20 coins. You are limited to three receipts per store per day, however, so no breaking down your $200 grocery purchase into 20 $10 purchases. Receipt Hog also adds a gamification element into the mix–as you feed your hog receipts, he grows bigger and earns bonus spins in the Hog Slots, which are virtual slot machines that give out coins and real cash.

When you have enough coins, you can redeem them in the rewards store for cash (paid via PayPal) or Amazon gift cards. 1000 coins gets you $5 in cash or a $5 gift card, so one coin is worth about half a cent–but if you wait for a bigger payout, Receipt Hog will give you a better deal (4500 coins will get you $30). Receipt Hog is great for lazy people who go grocery shopping–so, in other words, everyone. You don’t have to shop at a particular store or buy a specific product–you just have to take pictures of your receipts.

Every cent counts

Truth time: You’re probably not going to get rich by redeeming Swagcodes and walking into stores with the Shopkick app open and taking photos of your receipts. But these apps aren’t meant to replace your day job. Instead, think of them as productive time-wasters: When you have a few minutes, or even just a few seconds to spare, you can open up one of these apps and tick off some boxes. Or if you happen to be walking through the mall and a Macy’s is staring you in the face, you can walk three steps and earn three kicks.

Earning money cent-by-cent isn’t going to make you a millionaire, but it can eventually offset some of your everyday costs. After all, I’m typing this article on a $100 keyboard I bought using Amazon gift cards I earned through Swagbucks.


Via: itworld