iOS

Apple to present at Black Hat Security Conference for the first time

Christian Zibreg ∙ Updated January 25, 2016

Black Hat Security Conference is underway at Ceasar's Palace in Las Vegas and Apple is planning to present for the first time in the event's fifteen-year history. Warming up to hackers, the iPhone maker dispatched Dallas De Atley, its Manager of the Platform Security team, to talk iOS security.

According to the conference agenda, De Atley will "discuss key security technologies in iOS" as "Apple designed the iOS platform with security at its core". Apple's decision to take part in the conference coincides with a few security breaches in its mobile and desktop operating systems that routinely make headlines in the press.

Some of the recent examples include the widely reported IAP exploit and Mac malware that prompted Apple to step up its game with the new Gatekeeper feature in OS X Mountain Lion, designed to only allow for approved, signed apps from the Mac App Store...

Developer forced to make Android game free due to rampant piracy

Cody Lee ∙ July 23, 2012

We've complained, on more than one occasion, about the high rate of piracy on iOS. It's not uncommon to see pirated copies make up 90% or more of an app's total download numbers. It's bad.

But apparently, it's even worse on Android. Popular mobile developer Madfinger Games says it has decided to make its Dead Trigger title free due to rampant piracy on Google's platform...

Russian hacker admits defeat in IAP breach

Christian Zibreg ∙ Updated January 29, 2016

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple's announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary solution that effectively bypasses the hack. Borodin just publicly acknowledged that currently there is no way to circumvent Apple's band-aid fix in apps updated to take advantage of the private APIs...

Opera says iOS is still top platform for mobile advertising

Cody Lee ∙ Updated January 25, 2016

Opera (yes, the browser people) published its first ever State of Mobile Advertising report this week, a study regarding the effectiveness of advertising on different mobile platforms.

As you might have expected, Apple's iOS came out on top. Despite Android's lead in overall marketshare, users seem to browse the web and click on ads more on Apple's mobile OS...

Google re-invents patent system, says iPhone inventions belong to everyone

Christian Zibreg ∙ July 20, 2012

Google is feeling lots of heat lately as Apple, Microsoft and Oracle show some notable progress with Android lawsuits. Apple in particular holds a number of patents that cover trademark features the iPhone popularized, like slide to unlock and other multitouch gestures.

The Internet giant should also beware of the latest Apple patent grant which covers virtually all of the iPhone's user interface innovations. Perhaps in realization of its defensiveness, Google has changed tactics.

The company is now arguing that because the iPhone has become so popular, Apple's proprietary and patented inventions should really become industry essential patents. Seriously?

Google buys Mac/iOS email client Sparrow, say good-bye to new features

Christian Zibreg ∙ Updated January 25, 2016

Dang, Google just acquired the popular Mac and iOS email client Sparrow. The value of the transaction or terms of the deal have not been made public, though The Verge thinks Google paid under $25 million for Sparrow. According to a blog post announcing the acquisition, this deal will help the Sparrow team "accomplish a bigger vision", one the team says "can better achieve with Google". Hopefully that means buying some notification servers, though Sparrow's email to customers is anything but encouraging. Full details below...

Is Apple stepping up fight against IAP exploit with UDIDs?

Christian Zibreg ∙ Updated April 15, 2024

A flaw in the in-app purchasing mechanism in iOS that a Russian hacker exposed last week by leveraging a proxy server which enabled $30,000+ in sales of extra content may soon become a thing of the past as Apple is reportedly looking to contain the exploit by issuing a unique identifier in validation receipts.

This identifier apparently includes the Unique Device Identifier (UDID) for the device making the in-app purchase. The development is indicative remembering that the company recently began rejecting third-party apps over use of UDIDs. Apple was also thought to be readying tools for developers to let apps figure out users without resorting to UDIDs...

Apple starts blocking Russian servers that authenticate in-app content for free

Christian Zibreg ∙ July 16, 2012

Making good on its promise, Apple has started to block Russian servers which authenticate paid in-app content for free, The Next Web reports. The company is blocking IP addresses that host the rogue in-appstore.com domain by issuing takedown notices to hosting companies. PayPal has also intervened to block a private account through which donations had been collected, citing violation of its terms of service.

Despite this, hacker Alexey V. Borodin, the brains behind this controversial method, has already moved the servers to another country in an attempt to evade Apple’s legal requests...

Russian hacker cracks iOS in-app purchasing, no jailbreak required

Christian Zibreg ∙ Updated July 18, 2012

iOS in-app purchasing mechanism which lets you buy digital items in games, upgrade to full versions of apps and purchase additional content, has been cracked by a savvy Russian hacker who posted a proof of concept video, embedded below.

First noticed by Russian blog i-ekb.ru (via 9to5Mac), the hack is credited to Russian developer ZonD80 who runs the conveniently named In-AppStore.com website where he collects donations to support development of the project.

What's special about this method - and potentially devastating to the development community - is that it doesn't require a jailbreak and can be completed in a few simple steps by even the most inexperienced users. UPDATE: contrary to reports that Apple took the proxy site down, developer confirms it's simply under high load and says the info site is being moved to Blogger.

Google to pay $22.5M fine in Safari privacy debacle settlement

Christian Zibreg ∙ Updated April 4, 2018

Remember when Google was caught with its hands in the jar, overriding privacy settings of both desktop and iOS Safari users' privacy settings in order to better track their web browsing activity? The issue snowballed into a privacy scandal as the U.S. Federal Trade Commission (FTC) said in April it would investigate the practice. The Wall Street Journal reports this morning that the FTC and the search Goliath are now close to finalizing a settlement that will see Google pony up a whopping $22.5 million to settle the privacy issue, FTC's largest ever fine...

The exodus begins: corporate America abandoning BlackBerry for iOS and Android

Christian Zibreg ∙ Updated January 25, 2016

As Research In Motion's woes deepen amid lay offs, outrageous losses five times bigger than projected and news that its long-expected BlackBerry 10 software won't arrive until next year, a significant number of high-profile and profitable corporate customers are readying contingency plans, a tell tale sign that, unfortunately, the window of opportunity for the BlackBerry as we know it is closing fast...