posted about 11 hours ago on OSNews
Microsoft is suing yet another Android device maker - but this time it's a very different case than their usual protection money scheme. Microsoft claims that Samsung has stopped complying with a patent sharing agreement between the two companies. After becoming the leading player in the worldwide smartphone market, Samsung decided late last year to stop complying with its agreement with Microsoft. In September 2013, after Microsoft announced it was acquiring the Nokia Devices and Services business, Samsung began using the acquisition as an excuse to breach its contract. Curiously, Samsung did not ask the court to decide whether the Nokia acquisition invalidated its contract with Microsoft, likely because it knew its position was meritless. Interesting, if true. This is what happens when you stop paying protection money - the burly men with clubs show up.

Read More...
posted about 14 hours ago on OSNews
Based on your feedback, we pursued a web experience for IE users consistent with what is available on iOS and Android devices - even where this meant we would be adding non-standard web platform features. We believe that this is a more pragmatic approach to running today's less-standardised mobile web. Thank you, web developers, for turning mobile Safari into the new Internet Explorer. Have you people learned nothing?

Read More...
posted about 23 hours ago on OSNews
Hewlett-Packard has changed its direction on OpenVMS. Instead of pushing its users off the system, it has licensed OpenVMS to a new firm that plans to develop ports to the latest Itanium chips and is promising eventual support for x86 processors. Great news for OpenVMS, and a great move by HP.

Read More...
posted 2 days ago on OSNews
Phone Arena has a short video up in which the BlackBerry Passport gets introduced. The unique hardware keyboard whose entire surface is also a touchpad gets demonstrated. Typical of a BlackBerry, the Passport employs a portrait style QWERTY keyboard. However, this time around, they've minimized the layout by shrinking the row of buttons to a mere 3 - as opposed to the 4 we're normally accustomed to seeing. Additionally, numbers and punctuations aren't available through the keyboard, but they've been turned into virtual keys that sit above the top row for quick access. And during our demo, we got the chance to see the keyboard be used to scroll through web pages by lightly brushing your finger over the QWERTY. This has been a long time coming: innovation in the hardware keyboard space. Currently, there are effectively no decent high-end smartphones with hardware keyboards, and that's a shame. I'm glad BlackBerry has the guts to go against the grain here and try to breath new life into this severely neglected form factor.

Read More...
posted 2 days ago on OSNews
As expected, Microsoft is finally revealing all there is about Update 1 for Windows Phone 8.1. Known internally as GDR1 for 'general distribution release,' this update is one of two for the 8.1 operating system in 2014. The news comes out of Beijing, China where Microsoft's Joe Belfiore announced the release during his keynote, in addition to the expansion of Cortana to the UK and China. Coming next week for Preview for Developers. If Microsoft can keep this pace of updates up, they've got something very good going. A very welcome contrast to the slow and monolithic approach the company took in the first few years of Windows Phone's existence.

Read More...
posted 4 days ago on OSNews
Dan Goodin, at Ars Technica, is writing about a security flaw in Android. It's got all the usual scary-scary language about doom and gloom, quotes from antivirus peddlers, and it wasn't long until sensationalist Apple site AppleInsider took it all one step further (relevant). So, is this a real security threat, or are we looking at sensationalism run amok? This is the issue in a nutshell. The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information. Sounds serious! Should you be worried? Is it time to stock up on canned beans and switch to a Nokia 3310? Of course, it's always time to switch to a Nokia 3310, but not really because of this "issue". Buried deep within the Ars Technica article is Google's response to the issue. After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability. First, a patch been sent to OEMs and AOSP, but with Android's abysmal update situation, this is a moot point. The crux, however, lies with Google Play and Verify Apps. These have already been updated to detect this issue, and prevent applications that try to abuse this flaw from being installed. This means two things. First, that there are no applications in Google Play that exploit this issue. If you stick to Google Play, you're safe from this issue, period. No ifs and buts. Second, even if you install applications from outside of Google Play, you are still safe from this issue. Verify Apps is part of Play Services, and runs on every Android device from 2.3 and up. It scans every application at install and continuously during use for suspect behaviour. In this case, an application that tries to exploit this flaw will simply be blocked from installing or running. As a sidenote, you can actually disable Verify Apps, but unlike what some people seem to think, the dialog you get about sending data to Google when trying to sideload an application has nothing to do with this (that dialog just covers sending data about the application to Google, which is not required for Verify Apps to work). To actually completely disable Verify Apps, you need to go into the Google Settings application (or the Android settings application in 4.2 and up), navigate to Security, and disable it from there. To get back to the matter at hand: this means that every Android user with Google Play Services is 100% protected from this issue. The only way an Android user can potentially be affected by this issue is if she, one specifically allows installation from unknown sources, and two, specifically disables Verify Apps - all accompanied by several warnings. Luckily, not a single application in or outside of Google Play is currently trying to exploit this issue. While one can expect sensationalist nonsense from a site like AppleInsider - you don't blame TMZ for reporting on a fart by Miley Cyrus; you don't blame AppleInsider for spreading sensationalist nonsense - I'm very disappointed that a respected site like Ars Technica resorts to spreading this kind of fear, uncertainty, and doubt, especially since this isn't the first time the site has done so. Recently, it has become very clear that the security industry - antivirus peddlers and similar companies - have focussed all their attention on Android, resorting to all sorts of dirty tactics to scare unsuspecting users into buying their useless software. Since I can't stress this often enough: do not install antivirus on Android (or iOS, for that matter). It is not needed in any way, shape, or form. This is not the first time they have tried to spread and exploit fear, uncertainty, and doubt. Back when Windows started properly shoring up its security, Microsoft released MSE, and the mass infections of the early XP days became a thing of the past, they tried to use the exact same tactics to try and scare the rapidly growing number of OS X users into buying their junk. I advocated against this practice then (more here), and I will advocate against it now. When you come across stories like this, you can almost always assume it's FUD, whether it covers Android, OS X, or iOS. They almost always originate from antivirus peddlers, who know full well that operating system security - on both desktop and mobile - has increased so much these past decade or so that their core business model is at stake, and as such, they have to drum up the FUD. I just wish respected websites would not dance to their tunes for clicks. And yes, you should totally get a 3310.

Read More...
posted 4 days ago on OSNews
We've touched on this topic several times already - most recently only a few days ago: the application store model is facing some serious issues at the moment, to the eavy detriment of users and developers alike. If you don't want to take my word for it - and really, you shouldn't, as you should make up your own mind - Marco Arment has written a great summary of all the problems the application store model is facing, with a lot of quotes from other sources to come to a good overview. Apple's App Store design is a big part of the problem. The dominance and prominence of "top lists" stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won't happen to 99.98% of them. Top lists reward apps that get people to download them, regardless of quality or long-term use, so that's what most developers optimize for. Profits at the top are so massive that the promise alone attracts vast floods of spam, sleaziness, clones, and ripoffs. Quality, sustainability, and updates are almost irrelevant to App Store success and usually aren't rewarded as much as we think they should be, and that's mostly the fault of Apple's lazy reliance on top lists instead of more editorial selections and better search. And: As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. The application store model is under serious pressure.

Read More...
posted 4 days ago on OSNews
We've touched on this topic several times already - most recently only a few days ago: the application store model is facing some serious issues at the moment, to the heavy detriment of users and developers alike. If you don't want to take my word for it - and really, you shouldn't, as you should make up your own mind - Marco Arment has written a great summary of all the problems the application store model is facing, with a lot of quotes from other sources to come to a good overview. Apple's App Store design is a big part of the problem. The dominance and prominence of "top lists" stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won't happen to 99.98% of them. Top lists reward apps that get people to download them, regardless of quality or long-term use, so that's what most developers optimize for. Profits at the top are so massive that the promise alone attracts vast floods of spam, sleaziness, clones, and ripoffs. Quality, sustainability, and updates are almost irrelevant to App Store success and usually aren't rewarded as much as we think they should be, and that's mostly the fault of Apple's lazy reliance on top lists instead of more editorial selections and better search. And: As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. The application store model is under serious pressure.

Read More...
posted 4 days ago on OSNews
General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly-assured OS. And here's the code.

Read More...
posted 5 days ago on OSNews
The technology press and bloggers really seem to have no idea what to make of Tizen. First, it was a huge, credible threat to Android (*), but now that even people who really, really, really want to see Android in trouble can no longer maintain that Tizen is a serious threat, it's now apparently magically a sign of Samsung's weakness. Or, if you believe Reuters, it's a sign of... Both? Or something? Samsung Electronics Co. suffered another blow to its efforts to cut the dependency of its smartphone business on Google Inc.'s Android operating system, postponing the launch of a new model that runs on its own Tizen software. The news is the latest disappointment for the Korean giant which is trying to defend its position as the world's largest maker of smartphones from the twin challenges of Apple Inc. AAPL and, at the other end of the market range, Chinese companies such as Huawei, ZTE and Xiaomi. Of course, those of us who have even a minute understanding of what it takes to create a successful and viable operating system and platform know full well just how unrealistic it is to see Tizen as anything but a fringe experiment that will, in all likelihood, never bear any fruit. You can ask BlackBerry and Microsoft just how hard it is to create, introduce, maintain, and grow a mobile platform in the current Android-iOS duopoly. I would love for Tizen to be a success, but the cold and harsh truth of this world is that all evidence - both historical and current - points towards it not making any headway whatsoever in smartphones and tablets. Tizen may very well play a role in Samsung's more embedded efforts - like TVs - but don't expect it on any serious phone any time soon, let alone it being a threat to iOS, Android, Windows Phone or even BB10. However, I want Tizen to be a success not because of some hand-wringing desire to see iOS or Android or Google or Samsung stumble and fall. No, I want it to be a success because the market - and thus consumers - always benefit from choice. The more platforms compete for that precious space in your pockets, the better all of them will become. Without Android, iOS would still be stuck at the level of version 2. Without Windows Phone, Android would still look like a cartoon. Potential other platforms would push the big three to even greater heights. I've made my desire to buy a Tizen device very clear. Not because I believe it will change the world or because I consider it an "Android killer", but because I believe diversity in the marketplace benefits us all - whether we're an iOS, Android, or BeOS user.

Read More...
posted 5 days ago on OSNews
Nokia has released the first major software update for the Nokia X series of devices. Key features of the update include: Enjoy improved ease of use with the new app switcher - switch easily between open apps, or close apps with a single tap. Instant access to your mail, calendar, and notes with Outlook.com and OneNote. Updated Nokia Store - new design to help you find content more easily, and better integration with third-party stores. New scrollable widgets, call reject with a message, contact search in the dialler, automatic uploading to OneDrive, and local calendar support. General performance and usability improvements. Could very well be the last.

Read More...
posted 6 days ago on OSNews
Microsoft has accidentally spilled the beans on Windows Phone 8.1 Update 1, and it's going to be a relatively small update for users, but a big one for OEMs and thus the platform. The number of user-facing features is small (Windows Phone is finally getting folder support!), but it increases support for different resolutions and screen sizes - up to 7". More features might be coming that aren't yet leaked, but the focus of the update is clear: hardware support.

Read More...
posted 6 days ago on OSNews
Antivirus peddler Trend Micro recently issued a "report", in which it states that "Google Play [is] populated with fake apps, with more than half carrying malware". Sounds scary, right? Well, reality is a little different, as TechRepulic and Android Police found out. It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what's commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android's main settings menu. As I've been saying for years and years now, antivirus peddlers are the scum of the technology industry. These people actively lie and spread FUD about popular platforms just to scare people into buying their crappy, bloated, unnecessary software. They tried these scummy scare tactics for OS X, iOS, and recently it's been Android's turn. Of course, it doesn't help that people like Tim Cook actively join in on the lying and FUD. You can spot the FUD from miles away. It usually contains something like "99% of all mobile malware targets Android", which may technically be true, but is actually entirely meaningless without the figure that actually matters: infection rates to determine just how successful this malware actually is. The actual infection rate figures make it very clear that they are, in fact, not successful at all. Another dead giveaway that you're dealing with antivirus FUD is "[platform] is insecure. Buy our software to make it secure". Android is just as secure as iOS. The figures are out there for all to see. Any time you see articles about reports regarding Android's security, you can be 100% sure it's coming from antivirus peddlers, meaning the figures will be contorted, false, manipulated, or just downright made up. These people are not to be trusted. If you still haven't learned that lesson, you are either stupid, or you have an agenda to push.

Read More...
posted 7 days ago on OSNews
From an article I stumbled upon today, detailing the file manager that shipped on virtually every Symbian device in history. The Files UI should be familiar to anyone that has used a file manager or folder system/explorer on a computer and it behaves the same as well. Pictured to the left is the standard view when you open Files. It shows several "drives", C:, E: and F: with F: being your memory card if your Symbian device has a memory card (SD, Mini/Micro SD) slot. Pictured to the right, you can see additional drives that are shown when you connect external devices via USB On-The-Go (if your device has USB-OTG) such as flash drives, hard drives or other phones. G: and H: represent the Mass Memory and Memory card on my Nokia N8 that is connected to my 808 PureView via USB OTG... that's a LOT of GBs to manage! Back when I used Symbian as my main smartphone operating system (I had an E72), I always found it funny that Symbian used drive letters, while the mobile operating system I used for years and years (Windows Mobile/PocketPC) did not - or at least, not in a user-visible manner. At the time, I assumed that Symbian used drive letters in a virtual way to placate Windows users who were used to them. In recent years, however, I've found out that Symbian's use of drive letters actually goes back much farther than that. Psion's EPOC (Symbian's 16bit predecessor; Symbian was created by Psion) also used drive letters - open up a Series 3 (I have a 3a) and you'll see that the two disk slots are designated A and B. Going even further back in time, even my Psion Organiser II (1986) used A: and B: for its two disk slots. I don't have a device to check, but I would assume that the Organiser I also used drive letters. Interesting how a concept dating back to CP/CMS made it all the way to the most modern Symbian phones.

Read More...
posted 7 days ago on OSNews
survey from market research firm VisionMobile, there are 2.9 million app developers in the world who have built about two million apps. Most of those app developers are making next to nothing in revenue while the very top of the market make nearly all the profits. Essentially, the app economy has become a mirror of Wall Street. The application store model was a good thing for a while, especially early on. Now, though, it's becoming an impediment. Supply has increased so much that it's impossible to stand out, especially now that a relatively small number of big players are utterly dominating the listings, drowning out everyone else. If nobody does anything, this will only get worse.

Read More...
posted 8 days ago on OSNews
I'm lucky. My financial situation allows me to buy several phones and tablets every year to keep up with the goings-on of all the major - and some of the minor - platforms currently competing for prime real estate in your precious pockets. It also means that I am lucky from a psychological point of view - by being able to buy several devices every year, I never fall into the all-too-common trap of choice-supportive bias. I don't have to rationalise my device purchases after the fact, so I won't have to employ all sorts of mental gymnastics to solve any states of cognitive dissonance caused by hardware and software flaws - the number one cause of irrational fanboyism. And so, I try to rotate my phone of choice around as much as possible. I enjoy jumping from Android to my N9, then onwards to Sailfish, back to Android, and then have some fun with Symbian on my E7 - and beyond. I've got a long list of platforms I want to add to the collection - one white BlackBerry Passport please - but in general, I'm pretty well-rounded. Read more on this exclusive OSNews article...

Read More...
posted 9 days ago on OSNews
A while ago, we've announced our plans to add Linux support as one of the features of our digital platform, with 100 games on the launch day sometime this fall. We've put much time and effort into this project and now we've found ourselves with over 50 titles, classic and new, prepared for distribution, site infrastructure ready, support team trained and standing by, and absolutely no reason to wait until October or November. We're still aiming to have at least 100 Linux games in the coming months, but we've decided not to delay the launch just for the sake of having a nice-looking number to show off to the press. It's not about them, after all, it's about you. So, one of the most popular site feature requests on our community wishlist is granted today: Linux support has officially arrived on GOG.com! Good on 'm.

Read More...
posted 10 days ago on OSNews
Microsoft CEO Satya Nadella has confirmed that his company will amalgamate all major versions of Windows into one operating system. Speaking on the company's quarterly earnings call today, Nadella told analysts Microsoft will "streamline the next version of Windows from three operating systems into one single converged operating system." Describing the implications of the change, Nadella said "this means one operating system that covers all screen sizes." Not exactly news, but it's good to have it explicitly out in the open like this. And if they're going to want to keep focusing on consumers, they're going to need some pretty big changes. They sold fewer than half a million Surface devices in the last quarter, and only 5.8 million Lumia devices. That last figure is misleading, though, as it only covers two months due to the Nokia deal. Even adding another month, it's safe to say it's well below 10 million. This actually raises an interesting question: has Microsoft actually ever made any profit off Windows Phone? Especially taking into account the huge amount of money they had to pour into Nokia's devices division every quarter just to keep it alive? And now they also need to earn the costs of the acquisition back. At some point, someone is going to have to make the tough calls here. What is the future of Windows Phone - and how long will that future be? How long will Microsoft be able to pour resources into the bottomless money pit that is Windows Phone?

Read More...
posted 10 days ago on OSNews
Yesterday, former Google-executive Hugo Barra, now Xiaomi's global vice president, had a talk with The Verge. Barra is only a year into his job as leader of Mi's internationalization efforts, but he's already "sick and tired" of hearing his company derided as an Apple copycat. He sees Mi as "an incredibly innovative company" that never stops trying to improve and refine its designs, and the allegations of it copying Apple are "sweeping sensationalist statements because they have nothing better to talk about." This morning, John Gruber: Scroll down on the Mi 3 "features" page and you'll see this image, named "detail-camera.jpg". Take a good look at the camera in that image, then look at the app icon for the current version of Aperture. It's a simple copy-paste-skew job of the lens, and not a very good one. Two panels down on the page, they use it again, horizontally flipped. (Shockingly, they cropped out the "Designed by Apple in California".) Hilarious.

Read More...
posted 10 days ago on OSNews
Apple responded to the backdoor story. Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer. Zdziarski, the author of the article that started this all, is not impressed. I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it? Apple response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.

Read More...
posted 10 days ago on OSNews
No Man's Sky is a video game quite unlike any other. Developed for Sony's PlayStation 4 by an improbably small team (the original four-person crew has grown only to 10 in recent months) at Hello Games, an independent studio in the south of England, it's a game that presents a traversable universe in which every rock, flower, tree, creature, and planet has been "procedurally generated" to create a vast and diverse play area. "We are attempting to do things that haven't been done before," says Murray. "No game has made it possible to fly down to a planet, and for it to be planet-sized, and feature life, ecology, lakes, caves, waterfalls, and canyons, then seamlessly fly up through the stratosphere and take to space again. It's a tremendous challenge." Minecraft comes to mind - obviously - but No Man's sky goes much, much further. You're looking at a procedurally generated universe with millions of individual, unique planets and individual, unique ecosystems, each evolving over time.

Read More...
posted 11 days ago on OSNews
A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com. First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. Advertising companies will become increasingly... 'Creative' to find some way of tracking us that circumvents known laws and technological barriers. However, I doubt you have to worry about the small fish - worry about what the biggest internet advertising company in the world has cooking in its labs.

Read More...
posted 11 days ago on OSNews
Modern Combat 5 has been cracked and uploaded to multiple torrenting websites over the weekend. MC5 is a first person shooter for iOS, Android and Windows 8. The developer and publisher, Gameloft, ran a contest recently and invited players into the game early. One of those winners apparently cracked the game and began distributing it online. Modern Combat's dev team is not pleased with the situation. Horrible. You win a contest for early access, and then you turn around and stab them in the back like this. You must be a pretty terrible human being to do something like this.

Read More...
posted 11 days ago on OSNews
Continuity isn't a monolithic feature of the new operating systems so much as it is a range of features, each with its own hardware requirements and mode of operation. As we already did for iOS 8's Extensions, in this article we'll be using Apple's developer documentation, WWDC videos, and early reports from forums and rumor sites to explain the technology behind these features. We'll speak in brief about how phone integration and AirDrop work. Then, we'll examine how Handoff works and how developers can integrate Handoff support into their own iOS and OS X applications. Ars takes a look at Apple's Continuity.

Read More...
posted 14 days ago on OSNews
Jonathan Zdziarski's paper about backdoors, attack points and surveillance mechanisms built into iOS is quite, quite interesting. recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the National Security Agency (NSA), of whom some subjects appear to be American citizens. This paper identifies the most probable techniques that were used, based on the descriptions provided by the media, and today’s possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, I will identify several services and mechanisms that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may in fact be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques. This paper is actually half a year old - give or take - but it's gotten a lot of attention recently due to, well, the fact that he has uploaded a PowerPoint from a talk about these matters, which is obviously a little bit more accessible than a proper scientific journal article. For instance, despite Apple's claims of not being able to read your encrypted iMessages, there's this: In October 2013, Quarkslab exposed design flaws in Apple's iMessage protocol demonstrating that Apple does, despite its vehement denial, have the technical capability to intercept private iMessage traffic if they so desired, or were coerced to under a court order. The iMessage protocol is touted to use end-to-end encryption, however Quarkslab revealed in their research that the asymmetric keys generated to perform this encryption are exchanged through key directory servers centrally managed by Apple, which allow for substitute keys to be injected to allow eavesdropping to be performed. Similarly, the group revealed that certificate pinning, a very common and easy-to-implement certificate chain security mechanism, was not implemented in iMessage, potentially allowing malicious parties to perform MiTM attacks against iMessage in the same fashion. There are also several services in iOS that facilitate organisations like the NSA, yet these features have no reason to be there. They are not referenced by any (known) Apple software, do not require developer mode (so they're not debugging tools or anything), and are available on every single iOS device. One example of these services is a packet sniffer, com.apple.pcapd, which "dumps network traffic and HTTP request/response data traveling into and out of the device" and "can be targeted via WiFi for remote monitoring". It runs on every iOS device. Then there's com.apple.mobile.file_relay, which "completely bypasses Apple’s backup encryption for end-user security", "has evolved considerably, even in iOS 7, to expose much personal data", and is "very intentionally placed and intended to dump data from the device by request". This second one, especially, only gave relatively limited access in iOS 2.x, but in iOS 7 has grown to give access to pretty much everything, down to "a complete metadata disk sparseimage of the iOS file system, sans actual content", meaning time stamps, file names, names of all installed applications and their documents, configured email accounts, and lot more. As you can see, the exposed information goes quite deep. Apple is a company that continuously claims it cares about security and your privacy, but yet they actively make it easy to get to all your personal data. There's a massive contradiction between Apple's marketing fluff on the one hand, and the reality of the access iOS provides to your personal data on the other - down to outright lies about Apple not being able to read your iMessages. Those of us who aren't corporate cheerleaders are not surprised by this in the slightest - Apple, Microsoft, Google, they're all the same - but I still encounter people online every day who seem to believe the marketing nonsense Apple puts out. People, it doesn't get much clearer than this: Apple does not care about your privacy any more or less than its competitors.

Read More...