Tag Archives: Mobile Security

Apple responds to location tracking accusations

Tech News from FinallyFast

Apple has released a detailed Q& A statement explaining how the company uses location data, an issue that has had many customers annoyed since last week when researchers revealed that the company’s iPhone contains a hidden data file that stores latitude, longitude, and even timestamps.

The company explains that they are not actually tracking the location of their smartphones (which was also stated in an email from Steve Jobs), and states that it is partly to blame for the uproar due to the fact that they hadn’t fully educated users to understand the complex technical issues with providing mobile users with fast and accurate location information:

“The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple.”

Apple goes on to say that they cannot use the system to identify where their users are actually located, and that the entire crowd-sourced database is too big to store on an iPhone, so an appropriate cache is downloaded onto each iPhone. Apple admits that storing the cache for such a long time was a bug that will be fixed, and that another bug resulted in the iPhone continually updating its Wi-Fi and cell tower data from Apple’s crowd-sourced database even after users turned off Location Services on their phone.

Despite the fact that they are not actually tracking users, Apple says it will release a free iOS software update sometime in the next few weeks that reduces the size of the Wi-Fi hotspot and cell tower database cached on the iPhone, start encrypting and refrain from backing up this cache, and delete it entirely when Location Services is turned off by the user.

A class action suit was filed earlier this week accusing the Cupertino, California company of invasion of privacy and computer fraud and secretly recording movements of iPhone and iPad users.


City and Regional Magazine Publishers Using Mobile Apps

Members of the City and Regional Magazine Association are growing their respective use of mobile apps as an added real-time extension to each participating magazine’s print messaging and influence.

Dining, entertainment, attractions, nightlife, accommodations, shopping, and local sightseeing, as well as the ‘best of,” are among the many categories at the real-time fingertips of both visitor and local iPhone users.
“Many of our association’s members are offering their readers the opportunity to engage with their respective magazines anywhere, any time; providing well-researched and accurate information covering the full gambit of products, services and events available in their respective communities,” explained C. James Dowden, CRMA’s Executive Director.
In addition to iPhone mobile apps, publications like D Magazine are reaching out beyond iPhones into the bigger world of mobile web app providers.
“We realized early on in the mobile app process that when you’re serving a community as big as a city, you can’t focus on one platform and expect to hit the majority…to advance our reach we are expanding into the wider world of mobile web app providers,” explains, Jennifer Erwin, D Magazine Publisher.
“We’ll be able to provide nearly the same rich experience as within an iPhone App, but via the browser across the majority of smartphones.” Erwin added, “Not to mention the fact that we won’t have to deal with lengthy approval processes – or be beholden to any of the providers’ terms – expanding to more mobile web apps also means we can develop these completely in house with our current team…Long term, we’ll be able to react quicker with better mobile products and serve a greater number of users. It’s a win all around.”
New Orleans Magazine has been utilizing mobile Apps for four months now….the app is from CRMA associate member, Godengo, and is tied to the publication’s website,” said Todd Matherne, CEO/Publisher. “We offer ads on the apps and promote with print ads as an added value to our buys…we are still experimenting with ways to increase even more value to our advertisers…and the increased use of mobile applications, is part of that expansion,” added Matherne.
New York’s Buffalo Spree Magazine, is currently working with Zinio, their digital publisher and associate member of CRMA, to get Buffalo Spree digital on the iPhone/pad/touch up and running. “We’re also working with Godengo (on-line publisher) that is developing a mobile version of Buffalo Spree’s website…with the implementation of these two initiatives, we’ll soon be joining the ranks of the growing mobile community,” said Matthew Cirillo, Director of Information Technology for Buffalo Spree Publishing.
Honolulu Magazine publisher, Alyson Helwagen, said their app, developed with Godengo, basically delivers information from their website via an app rather than a browser. “We have maybe 2,000 downloads, which is a lot since we’ve done nothing to promote it — people are just finding it in the iTunes store, explained Helwagen. “We’re still refining, and haven’t done much promoting; we’re waiting until we have the product fine-tuned…We do have a digital edition on sale on the Honolulu site that allows users to read the magazine in any browser, or on any tablet or phone. We’ve been promoting that heavily online, a little bit in print,” added Helwagen.
“As with these magazines – and other titles in various stages of app development – the hands-on convenience of various mobile apps, ultimately provides immediate gratification for consumers making daily and immediate decisions about where to go and what to buy. Their continued and expanded use is projected to increase throughout the CRMA membership, offering both advertisers and users maximum benefit,” stressed, Dowden.


Google’s Android Market Website May Change Phishing, Malware Distribution

Google recently made it easier for its mobile customers to download apps on their computer and install them on their mobile phones. In this same update, the company also made it much easier for their mobile customers to transfer and spread malware, according to a recent report from security research firm Sophos.
Google updated the website for its Android Market, allowing users to download apps on their computer and access them on their mobile devices. This enhances the app downloading experience by providing additional information, through a website accessed on a larger PC screen, and offering a website for the Android Market to customers who may prefer a website format over an app.
Vanja Svajcer, principal virus researcher at SophosLabs, examined the new Android Market website for security and protective standards, downloading a popular game also available on the iPhone. According to Svajcer, Google is generally secure in its standards for downloading apps, providing permission requests designed to ensure the user is aware of everything he or she downloads. Early in the investigation, these standards appeared prevalent and functional in the Android Market website, according to Svajcer.
“The most important security aspect of the installation process on Android are the permissions an app requires on a device after the installation. Android users should particularly carefully read the required permissions before they install any applications, from the official Android Market or any other source,” Svajcer wrote in a recent company blog post. “As expected, the web-based Android Market displays the required permissions so that the user can make an informed decision about whether to install the application.”
This process is flawed on the new system, according to Svajcer, because of an exploit Google researchers have been aware of since last year. Because the system begins downloading an application as soon as the user clicks the install button on the website, the INSTALL_ASSET intent vulnerability, discovered by Jon Oberheide last year, could facilitate the distribution of malicious mobile web apps.
“In summary – if someone managed to steal your Google password they could trick your Android smartphone into installing software, without you having to grant permission on the device itself,” Svajcer wrote.
This vulnerability, and its presence on the new Android Market website, is presenting an entirely new dynamic in phishing and password strength for Google users.
“The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence,” Svajcer wrote. “In future, however, the phishers’ intention may not be to use stolen account credentials for the purposes of sending spam but to install malware on the user’s Android devices instead.”
Mobile malware, which grew 33 percent last year, is set to become more complex and common in 2011, according to AdaptiveMobile.