Researcher Exposes Major Apple Security Risk

There are two kinds of hackers; those who use their skills for good – or of course – those who use them for evil. The good kind of hackers are either security testers or security researchers. To be a good security tester you have to think like a villain, and go through an app like a hacker would looking for vulnerabilities.

And that was exactly what French iOS security researcher, Pod2G, did on Friday when he identified a SMS spoofing flaw in every version of Apple’s OS. As explained by Devindra Hardawar in VentureBeat:

Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a users’ bank, for example), or direct users to phishing sites.

As Pod2g explains it, an SMS text message is converted to Protocol Description Unit (PDU) when sent from a phone, a dense protocol that also handles things like voice mail alerts and emergency medical systems. If a hacker was able to send a message in raw PDU format, they could take advantage of the User Data Header section to alter the reply number for a text.

If properly implemented, you should see both the original texting address and the altered reply number. But on the iPhone, you only see the altered reply number. For whatever reason, the original sender gets hidden. The flaw only relates to texts on the iPhone, and not messages sent through Apple’s iMessage network (those don’t hit the SMS protocol at all).”

Pretty scary stuff. These types of vulnerabilities can exist on any device or mobile application. The only way to discover them is to utilize a community of skilled security experts for testing.

To learn more about security testing click here.

Google Makes Updating Apps Easier

Delta Update making app updating fasterGoogle has changed the way app updates are pushed to users’ devices. The improvement will make updates quicker, take up less bandwidth and drain less battery. Functioning on Android devices running Gingerbread or higher, “delta updates” work by only updating the parts of an app that have actually been updated by the developers (rather than reinstalling the entire app). According to TechCrunch, the feature was announced at Google I/O in late June, but only launched this week. In fact, the launch was so quiet that it took some people noticing how much less space updates were taken to realize that the feature had even been pushed live. From TechCrunch:

According to Android Police, an update of the popular ezPDF Reader, which would usually weigh in at about 6.3MB, now clocks in at under 3MB. An update to Instagram, which went out this morning, is now a 3MB download instead of 13MB for the full app.

These numbers should be even more dramatic for larger apps and especially games. After all, instead of having to download all the graphics assets for a game again, you now only have to download the parts needed to enable that new level or feature.

Let us know if you notice any difference the next time you update an app.

4 Apps For Finding Your Lost or Stolen Phone

That sinking feeling of dread sets in and your stomach becomes one giant knot … you can’t find your mobile and you don’t remember the last place you had it. Was it in the car? Did you leave it at the restaurant? Did it fall out of your bag in the cab? Did someone take it out of your bag?

Considering how expensive these devices can be and how much personal information we store on them we’re usual desperate to get the device back in our own, non-malicious hands. If you don’t take the precautionary measure of installing one of these apps then all you can do is hope that it turns up on its own, a good samaritan turns it in or the person who took it only wanted the phone itself and just erases your data without giving it a second look. If those options don’t sound so hot, go with one of these four apps (highlighted by Read Write Web) that will help locate your MIA device.

Find My Phone (iOS)
By far the best-known method for finding a lost device is Apple’s free Find My iPhone app. It has all the key features, including geolocation, remote alarm and remote wipe. All you need to do is enable the app from your device settings.

Prey (iOS, Android, Linux, OSX, Windows)
Prey is the only mobile-recovery application that works across phones, tablets and computers. An open source product, its features include geolocation, snapshots, screenshots and remote hide/wipe.

Continue Reading

Want Your Mobile App to be a Hit? Copy These Guys.

Mashable posted a great summary of mobile companies that are killing it right now – and suggests that if you want to obtain similar success, that you should copy what they’re doing. Well, maybe not copy entirely, but you get the idea. One example they gave was that of Path’s sliding navigation. Take a look:

One of the most common modern mobile and tablet UI conventions is the slide-out navigation panel. Rather than having floating menus or relying solely on upper or lower tabs, users can slide to the left or right of the screen to bring up an extended vertical menu of options or notifications.

The method was first introduced by Facebook in its iPad app, but since then, dozens (if not hundreds) of apps for iOS and Android have started to employ the feature. Ken Yarmosh details some common use cases of this design pattern on his blog.

For us, the prime example of the best way to use this sort of UI pattern is Path for iPhone [iTunes link] and Android [Google Play link].

What we love about Path’s approach is that the slide-outs work on both the left and right side of the app. Sliding in from the left brings up typical menus and user-level notifications. Sliding out from the right brings up friends details and search.

Path — like most apps that employ the slide-out feature — also aligns the slide animation to top buttons — which is great for users that don’t know how to use the feature, or for accessibility purposes.

Read the rest here >>>

Are You Suffering From a Mobile Addiction?

You can’t function without it – sleeping beside it every night and checking on it every couple of minutes. No, I am not talking about your significant other; I am talking about your mobile device.

Are you suffering from a mobile addiction? If you answered “yes” to any of the following questions, mostly likely you are:

  • Do you sleep with your mobile device in arms reach?
  • Do you check your phone every 30 minutes?
  • How about every 10?
  • Do you panic when you leave your phone behind?
  • Does the thought of being without your mobile device make you nervous?

A recent poll done by Time Magazine confirms that most of us do indeed have an addiction to our mobile devices. The study states that 1 in 4 people check their mobile devices every 30 minutes, and 1 in 5 check it every 10 minutes. In addition, three-quarters of those in their late 20s sleep with their mobile devices beside them.

As written by Nancy Gibbs in Time Magazine:

“A third of respondents admitted that being without their mobile for even short periods leaves them feeling anxious. It is a form of sustenance, that constant feed of news and notes and nonsense, to the point that twice as many people would pick their phone over their lunch if forced to choose.”

What are your thoughts on Time’s study, and how has technology changed your life? Share your thoughts in the comments section.

 

The Starbucks VS Dunkin Donuts Rivalry Goes Mobile

Most coffee drinkers know the decision-making process well; is today a Starbucks or a Dunkin Donuts day? As of today, despite which coffee chain you choose, the purchasing process is easier than ever. Both coffee chains have gone mobile with mobile payment apps.

The Starbuck’s mobile-payment app is a very popular one, and has been available for years, known as “Starbucks’ Mobile Coffee Card”. The app can find a Starbucks near you, let you pay for your coffee with your app and can access your loyalty and rewards points.

Now, you can also pay for your Dunkin Donuts coffee via mobile app, with the new Dunkin Donuts app for iOS and Android.

Al Sacco on CIO’s Blog says the Dunkin App could be a mobile payment game changer, but might not be 100% in-the-wild-friendly:

“The Dunkin’ apps are notable because Starbucks’ app is one of the few mobile-payment apps that consumers have embraced, and if the Dunkin app is similarly well-received, the two coffee-chains could prove to be significant motivators in the acceptance of mobile payments in general.

One potential problem: Dunkin’ Donuts locations must have the appropriate scanners and systems to process the digital barcode information. The Starbucks mobile app has been available for quite a while, and I still occasionally find locations that do not have the equipment needed to scan the mobile payment app. The Dunkin’ app is brand new, so I can only assume it will take some time for the company, or each franchise, to roll out the scanners.

What are your thoughts on mobile payment apps? Let us know in the comments section.

4 Apps Perfect for Shark Week

Shark Week Plus appShark week may be almost over, but there’s still time to submerge yourself even further into the salty deep populated by giant predators – and these apps will help you do it!

These first apps, highlighted by All Things D, are novelty and game apps that willl  help you get into the spirit.

Jaws Revenge (iOS)
In this addictive linear game, you’re the shark, and you’re out to kill — fish, people, buoys, boats — to keep your energy up, earn coins, and progress to the next level. A “frenzy” puts your shark on steroids for a fast-paced feeding session. The shark jumps high enough to catch birds flying overhead, and emits angry noises that make it sound more like a rabid dog than a giant fish, which is pretty much what you’d expect from a gamified version of a Hollywood-made shark.

Shark Bite Me (iOS)
This app applies gruesome shark-bite effects to any photo, with a variety of different bites available, like Tasty Tear, Chunky Chomp and Nasty Nibble.

The app, which is made by U.K.-based digital media company Moshen, also offers shark myths and facts (did you know that there are approximately 400 species of sharks?).

Shark Week Bingo
This free Web app from Discovery prompts you to log in through Facebook, indicate which Shark Week program you’re watching, and from there, play a fun, competitive game of Bingo with other viewers. …

 As items appear on the screen during the program, you select a box with that item — a shark fin, or a life jacket, or a seal, for example — the goal is to get five boxes in a row checked off.

Read more at All Things D >>>

If you want the official experience, check out Discovery’s Shark Week Plus (iOS only). The app features behind-the-scenes notes and videos, exclusive photos and interactive features like trivia, polls and games. Happy Shark Week!

Don’t Rely On Apple’s Baked-In Security

All the eggs in one basketNot that there’s anything wrong with Apple’s built-in mobile security features – it’s the opposite actually. It turns out that developers are relying almost entirely on the OS’ security and not bothering to build out security at the app-level, according to a CNN article. Putting all your eggs in one basket makes it pretty easy to break a lot of eggs at once. From CNN Money:

With thousands of apps in the iTunes App store all featuring the same exact security features, one single vulnerability could have a domino effect.

“Security is now an afterthought for many app developers,” said Jonathan Zdziarski, senior forensic scientist at viaForensics, in a presentation at the Black Hat cybersecurity conference in Las Vegas on Thursday. “That means if you hack one, you can hack them all.”

Read the full article at CNN >>>

It’s not likely that someone will hack all the apps on your phone at once (they’d need to have access to your phone then find and exploit a security hole within iOS), but the point is that app developers shouldn’t rely on something that is totally out of their hands. App developers have nothing to do with iOS security testing and thus have no insight into what is done, how it’s done or anything that might have been overlooked. If a vulnerability is discovered (which isn’t common with iOS but isn’t unheard of either) developers have no control over how quickly a patch is pushed. Essentially, you’re letting someone else control your fate.

By not building security into your app, and thoroughly testing that security, you’re leaving your users susceptible to hackers – and wronged users aren’t going to point the finger at Apple if a vulnerability is exploited and their information if exposed through your app, they’re going to blame you. Would you leave your doors unlocked just because you have a fence around your house? Sure, it may be a high fence, but a determined robber will find a way around it.

uTest Acquires Mobile Testing Tool Apphance

In case you missed the biggest news of the day, uTest (the brilliant, talented and incredibly attractive people behind this blog) acquired Apphance – an awesome mobile testing tool.

Since this is a mobile app testing blog this is definitely something you’re going to want to learn more about. Here’s an overview of some of Apphance’s coolest features.

Over-The-Air App Distribution

This one is huge for anyone developing a mobile app where build updates happen frequently. With over-the-air app distribution, you can upload a new build and your testers will be able to download an update either within the app or via email. That means they’re not wasting time testing an out-of-date version of your app or trying to get updates installed on their device.

Devices in ApphanceWhile app distribution is just for pre-production apps, having Apphance track your builds can be very useful for everyone from pre-production to production users. Apphance will keep track of your different builds, so it can tie crash reports and bug data to individual app versions. That means that you’ll be able to see how a given version of your app is performing in testing and in-the-wild. You can even choose to ignore reports from older versions of your app and just focus on data from the latest builds, which is perfect for production apps where there are always users who forget to upgrade from their app store.

Crash Reporting

Apphance Crash ReportNobody likes it when their app crashes, but figuring out why it crashed can be incredibly challenging. Even if the developer is holding the device in their hands, the exact reason the app crashed may not be apparent without extracting the buried system and crash logs.

Apphance solves this by detecting crashes and sending crash reports to the Apphance servers in the cloud. Developers can not only see which versions of their app have crashes, but they can even see the details about why the app crashed. Apphance also lets the developer manually log their own status messages, making it easy to track activities that are significant to individual apps. A developer can then go back and review the steps leading up to specific crashes.

Along with the crash report, Apphance will also send some additional data about the state of the device and the app. The exact data it sends depends on whether Apphance is running in pre-production mode or production mode. In pre-production mode, Apphance will send as much detail as possible, while in production mode Apphance sends a more limited amount of detail out of respect for the users’ privacy. You can learn more about the exact details Apphance sends from our help topics.

In-App Bug Reporting

Apphance Bug ReportWhen testers discover bugs in mobile apps, it can be difficult to capture the needed screenshots, write notes about the steps to reproduce the bug, and then enter all that into a bug tracking system that’s usually opened on a completely separate device. Apphance changes all that, allowing testers to report bugs from within the app itself. All the tester needs to do is shake the device (or any other mechanism the developer can specify), and Apphance will begin the bug reporting process. Apphance will take screenshots and get the details from the tester, all without ever leaving the app.

When the bug gets submitted, Apphance includes the same information as a crash report. That means developers can see the state of the device and the app, along with any additional logging information they add manually.

User Feedback

Even the best apps can have frustrated users, and inevitably frustrated users write negative reviews. Apphance gives developers a new tool to listen to user complaints from within the app. When a user is frustrated or having trouble, they can send their concerns directly to the developer using Apphance’s user feedback feature.

Conclusion

All this adds up to Apphance being one incredible mobile quality tool. Developers for iOS, Android, Windows Phone, Kindle, and Nook now have a tool that can distribute their builds to testers, track crashes and bugs in the wild, and get feedback from customers. To learn more about Apphance, check out the website or read the online help topics.