jm + ios   26

Turning Off Wi-Fi and Bluetooth in iOS 11's Control Center Doesn’t Actually Turn Off Wi-Fi or Bluetooth - Motherboard
"in iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available." That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation.
wifi  bluetooth  iphone  ios  security  fail  off-means-off 
3 days ago by jm
isign
Let's see how long this lasts:
Today Sauce Labs is proud to open-source isign. isign can take an iOS app that was authorized to run only on one developer’s phone, and transform it so it can run on another developer’s phone. 

This is not a hack around Apple’s security. We figured out how Apple’s code signing works and re-implemented it in Python. So now you can use our isign utility anywhere – even on Linux!
signing  apple  code-signing  pki  ios  iphone  apps 
february 2016 by jm
‘Error 53’ fury mounts as Apple software update threatens to kill your iPhone 6 | Money | The Guardian
Apple outlaws third-party repairs with vague TouchID-related justifications:
Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.” He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.


Now that is scummy.
apple  error-53  ios9  ios  phones  smartphones  touchid  via:boingboing 
february 2016 by jm
iPhone, iPad, Mac Buyer's Guide: Know When to Buy
sync up with the Apple product cycle when you're buying new hardware
hardware  devices  apple  shopping  mac  ios  iphone  ipad  releases  schedule  gadgets 
february 2016 by jm
excellent offline mapping app MAPS.ME goes open source
"MAPS.ME is an open source cross-platform offline maps application, built on top of crowd-sourced OpenStreetMap data. It was publicly released for iOS and Android."
maps.me  mapping  maps  open-source  apache  ios  android  mobile 
september 2015 by jm
Malware infecting jailbroken iPhones stole 225,000 Apple account logins | Ars Technica

KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts.


Ouch. Not a good sign for Cydia
cydia  apple  security  exploits  jailbreaking  ios  iphone  malware  keyraider  china 
september 2015 by jm
Someone discovered that the Facebook iOS application is composed of over 18,000 classes. : programming
_FBGraphQLConnectionStorePersistentPageLoaderOperationDelegate-Protocol.h
_FBReactionAcornSportsContentSettingsSetShouldNotPushNotificationsMutationCall.h
FBBoostedComponentCreateInputDataCreativeObjectStorySpecLinkDataCallToActionValue.h
FBEventUpdateNotificationSubscriptionLevelMutationOptimisticPayloadFactoryProtocol-Protocol.h


I just threw up a little.

See also https://www.facebook.com/notes/facebook-engineering/under-the-hood-dalvik-patch-for-facebook-for-android/10151345597798920 , in which the FB Android devs happily reveal that they hot-patch the Dalvik VM at runtime to work around a limit -- rather than refactoring their app.
facebook  horrors  coding  ios  android  dalvik  hot-patching  apps 
august 2015 by jm
Apple now biases towards IPv6 with a 25ms delay on connections
Interestingly, they claim that IPv6 tends to be more reliable and has lower latency now:
Based on our testing, this makes our Happy Eyeballs implementation go from roughly 50/50 IPv4/IPv6 in iOS 8 and Yosemite to ~99% IPv6 in iOS 9 and El Capitan betas. While our previous implementation from four years ago was designed to select the connection with lowest latency no matter what, we agree that the Internet has changed since then and reports indicate that biasing towards IPv6 is now beneficial for our customers: IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs are increasing in numbers, and throughput may even be better on average over IPv6.
apple  ipv6  ip  tcp  networking  internet  happy-eyeballs  ios  osx 
july 2015 by jm
Facebook Infer
New static analysis good news, freshly open-sourced by Facebook:
Facebook Infer uses logic to do reasoning about a program's execution, but reasoning at this scale — for large applications built from millions of lines of source code — is hard. Theoretically, the number of possibilities that need to be checked is more than the number of estimated atoms in the observable universe. Furthermore, at Facebook our code is not a fixed artifact but an evolving system, updated frequently and concurrently by many developers. It is not unusual to see more than a thousand modifications to our mobile code submitted for review in a given day. The requirements on the program analyzer then become even more challenging because we expect a tool to report quickly on these code modifications — in the region of 10 minutes — to fit in with developers' workflow. Coping with this scale and velocity requires advanced mathematical techniques. Facebook Infer uses two such techniques: separation logic and bi-abduction.

Separation logic is a theory that allows Facebook Infer's analysis to reason about small, independent parts of the application storage, rather than having to consider the entirety of the memory potentially at every step. That would be a daunting task on modern processors with their large addressable virtual memories.

Bi-abduction is a logical inference technique that allows Facebook Infer to discover properties about the behavior of independent parts of the application code. By storing these properties between runs, Facebook Infer needs to analyze only the parts of the software that have changed, reusing the results of its previous analysis where it can.

By combining these approaches, our analyzer is able to find complex problems in modifications to an application built from millions of lines of code, in minutes.


(via Bryan O'Sullivan)
via:bos  infer  facebook  static-analysis  lint  code  java  ios  android  coding  bugs 
june 2015 by jm
iPhone UTF-8 text vulnerability
'Due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then "gives up" thus the crash'. Apparently the entire Springboard launcher crashes.
apple  vulnerability  iphone  utf-8  unicode  fail  bugs  springboard  ios  via:abetson 
may 2015 by jm
Apple Appstore STATUS_CODE_ERROR causes worldwide service problems
Particularly notable for this horrific misfeature, noted by jgc:
I can't commit code at CloudFlare because we use two-factor auth for the VPN (and everything else) and non-Apple apps on my iPhone are asking for my iTunes password. Tried airplane mode and apps simply don't load at all!


That is a _disastrous_ policy choice by Apple. Does this mean Apple can shut down third-party app operation on iOS devices worldwide should they feel like it?
2fa  authy  apps  ios  apple  ownership  itunes  outages  appstore  fail  jgc 
march 2015 by jm
How Etsy Does Continuous Integration for Mobile Apps
Very impressive. I particularly like the use of Tester Dojos to get through a backlog of unwritten tests -- we had a similar problem recently...
dojos  testing  ci  cd  builds  etsy  mobile  ios  shenzen  trylib  jenkins  tester-dojos 
december 2014 by jm
Nik Cubrilovic - Notes on the Celebrity Data Theft
tl;dr: a lot of people are spending a lot of time stealing nudie pics from celebrities. See also http://www.zdziarski.com/blog/?p=3783 for more details on the probable approaches used. Grim.
apple  privacy  security  celebrities  pics  hacking  iphone  ipad  ios  exploits  brute-force  passwords  2fa  mfa  find-my-iphone  icloud  backups 
september 2014 by jm
'Identifying Back Doors, Attack Points and Surveillance Mechanisms in iOS Devices'
lots of scary stuff in this presentation from this year's Hackers On Planet Earth conf. I'm mainly interested to find out that Jonathan "D-Spam" Zdziarski was also a jailbreak dev-team member until around iOS 4 ;)
d-spam  jonathan-zdziarski  security  apple  ios  iphone  surveillance  bugging 
july 2014 by jm
Oisin's mobile app release checklist
'This form is to document the testing that has been done on each app version before submitting to the App Store. For each item, indicate Yes if the testing has been done, Not Applicable if the testing does not apply (eg testing audio for an app that doesn’t play any), or No if the testing has not been done for another reason.'
apps  checklists  release  coding  ios  android  mobile  ohurley 
may 2014 by jm
ImperialViolet - Apple's SSL/TLS bug
as we all know by now, a misplaced "goto fail" caused a critical, huge security flaw in versions of iOS and OS X SSL, since late 2012.

Lessons:

1. unit test the failure cases, particularly for critical security code!
2. use braces.
3. dead-code analysis would have caught this.

I'm not buying the "goto considered harmful" line, though, since any kind of control flow structure would have had the same problem.
coding  apple  osx  ios  crypto  ssl  security  goto-fail  goto  fail  unit-testing  coding-standards 
february 2014 by jm
Apple iOS 7 surprises as first with new multipath TCP connections - Network World
iOS 7 includes -- and uses -- multipath TCP, right now for device-to-Siri communications.
MPTCP is a TCP extension that enables the simultaneous use of several IP addresses or interfaces. Existing applications – completely unmodified -- see what appears to be a standard TCP interface. But under the covers, MPTCP is spreading the connection’s data across several subflows, sending it over the least congested paths.
ios7  ios  networking  apple  mptcp  tcp  protocols  fault-tolerance 
september 2013 by jm
Dropbox Sync API
Give your app its own private Dropbox client and leave the syncing to us.
apps  dropbox  synchronization  sync  ios  android  api 
march 2013 by jm
IOS TCP wifi optimizer
Basically, tweaking a few suboptimal sysctls to optimize for 802.11b/n; requires a jailbroken iOS device. I'm surprised that Apple defaulted segment size to 512 to be honest, and disabling delayed ACKs sounds like it might be useful (see also http://www.stuartcheshire.org/papers/NagleDelayedAck/).
TCP optimizer modifies a few settings inside iOS, including increasing the TCP receive buffer from 131072 to 292000, disabling TCP delayed ACK’s, allowing a maximum of 16 un-ACK’d packets instead of 8 and set the default packet size to 1460 instead of 512. These changes won’t only speed up your YouTube videos, they’ll also improve your internet connection’s performance overall, including Wi-Fi network connectivity.
tcp  performance  tuning  ios  apple  wifi  wireless  802.11n  sysctl  ip 
february 2013 by jm
Evasi0n Jailbreak's Userland Component
Good writeup of the exploit techniques used in the new iOS jailbreak.
Evasi0n is interesting because it escalates privileges and has full access to the system partition all without any memory corruption.  It does this by exploiting the /var/db/timezone vulnerability to gain access to the root user’s launchd socket.  It then abuses launchd to load MobileFileIntegrity with an inserted codeless library, which is overriding MISValidateSignature to always return 0.
jailbreak  ios  iphone  ipad  exploits  evasi0n  via:nelson 
february 2013 by jm
Pushover: Simple Mobile Notifications for Android and iOS
'Pushover makes it easy to send real-time notifications to your Android and iOS devices.' extremely simple HTTPS API; 'Pushover has no monthly subscription fees and users will always be able to receive unlimited messages for free. Most applications can send messages for free, subject to monthly limits.' Also supported by ifttt.com
ios  android  iphone  push  messaging 
january 2013 by jm
Welcome, Apple!
'The desktop version of iPhoto, and indeed all of Apple’s iOS apps until now, use Google Maps. The new iPhoto for iOS, however, uses Apple’s own map tiles – made from OpenStreetMap data (outside the US).'
apple  ios  maps  openstreetmap  osm  free  iphoto 
march 2012 by jm
GreenPois0n jailbreak goes untethered for Apple TV
the $99 set-top box now can run XBMC without having to be re-tethered anytime you needed to power it off
apple  tv  set-top-box  greenpois0n  jailbreaking  ios  xbmc  from delicious
february 2011 by jm
