All posts in “Ios 11”

Cellebrite may have found a way to unlock iPhones running iOS 11

According to a Forbes report, Israeli company Cellebrite is now able to unlock some very recent iPhones. Cellebrite is a well-known company that sells mobile forensics tools to extract data from locked devices.

While early versions of iOS weren’t really secure, this has changed quite a lot in recent years. All iOS devices now ship with a secure enclave, all data is encrypted if you use a passcode and there are multiple security checks when you boot and use your device.

In other words, if you don’t have the passcode, you’re going to have a hard time getting your hands on the data on the device. Many firms try to find vulnerabilities to unlock mobile devices. It has become a lucrative industry as intelligence agencies often pay forensics companies to unlock mobile devices.

Those forensics methods often lag behind. For instance, it’s quite easy to find a device to unlock an iPhone 6 running iOS 8. But if Forbes’ report and Cellebrite’s website are right, governments can now pay Cellebrite to unlock an iPhone 8 running iOS 11.

It’s unclear if it works with the most recent version of iOS 11 (11.2.6) or just the operating system version that was available back in September (11.0). It’s also unclear if it works with all iOS devices or if it only works with some devices. Forbes found a warrant that mentions an unlocked iPhone X.

This is a cat-and-mouse game, and Apple engineers are now probably working hard to fix all the vulnerabilities they can find. As always, if you don’t want to let authorities read your personal data, you should keep your devices up-to-date.

In addition to new features, security patches protect you against the most common attacks. And malicious hackers might use the same vulnerabilities against you.

Download Apple’s update to protect your iPhone from the Telugu bug

A simple message can wreak havoc on your iPhone.

Apple issued a fix to the bug that was crashing iPhones with a single character. 

On Monday, the company released several updates, including iOS 11.2.6. If you’ve got an iPhone or iPad, you should probably download it ASAP.

Last week, a bug was discovered that crashed systems with a single character from the Telugu language, which is used in parts of India. Mashable tested the bug and found that, yes, it was a real problem.

It crashed phones and third-party messaging apps including WhatsApp and Facebook Messenger. Now, thankfully, the problem is fixed … until a new bug is discovered. 


Digital minister’s app lands on data watchdog’s radar after privacy cock-up

UK digital minister Matt Hancock, who’s currently busy with legislative updates to the national data protection framework, including to bring it in line with the EU’s strict new privacy regime, nonetheless found time to launch an own-brand social networking app this week.

The eponymously titled: Matt Hancock MP App.

To cut a long story short, the Matt app quickly ran into a storm of criticism for displaying an unfortunately lax attitude to privacy and data protection. Such as pasting in what appeared to be a very commercially minded privacy policy — which iOS users couldn’t even see prior to agreeing to it in order to download the app… [Insert facepalm emoji of choice]

In the words of one privacy consultant, who quickly raised concerns via Twitter: “You’d think the Digital Minister and one responsible for data protection package would get privacy right.”

Well — news just in! — the UK’s data protection watchdog isn’t entirely sure about that latter point, because it’s now looking into the app’s operation after privacy concerns were raised.

“We are checking reports about the operation of this app and have seen other similar examples of such concerns in apps as they are developed. So to help developers, we produced specific guidance on privacy in mobile apps,” an ICO spokesperson told TechCrunch in response to questions about the Matt app.

“The Data Protection Act exists to protect individuals’ privacy. Anyone developing an app needs to comply with data protection laws, ensuring privacy is at the forefront of their design,” the spokesperson added, pointing to the agency’s contact page as a handy resource for “anybody with concerns about how their personal data has been handled”.

(For the full lowdown on the Matt Hancock privacy snafu, I suggest reading The Register’s gloriously titled report: What a Hancock-up: MP’s social network app is a privacy disaster.

This forensic Twitter thread, by the aforementioned consultant, @PrivacyMatters, is also a great exploration of the myriad areas where Matt Hancock’s app appears to be messing up in data protection T&C terms.)

Here’s a few screenshots of the app for the curious…

Of course the minister didn’t intend to generate his own personal privacy snafu.

He intended the Matt Hancock App to be a place for people in his West Suffolk constituency to keep up on news about Matt Hancock, MP.

Among the touted “Core benefits for Constituents” are:

  • Never miss out on local matters via private networks
  • A safe, trusted, environment where abuse is not tolerated and user data is not exploited

But Hancock outsourced the app’s development to a UK company called Disciple Media, which builds so-called “mobile-first community platforms” for third parties — including musicians and social media influencers.

And whose privacy policy is replete with circumspect words like “may” and “including” — making it about as clear as mud what exactly the company (and indeed what Matt Hancock MP) will be doing with Matt Hancock App users’ personal data.

Here’s a sample problematic para from the app’s privacy policy (emphasis ours):

when you sign up [to?] the App you provide consent so that we may disclose your personal information to the Publisher, the Publisher’s management company, agent, rights image company, the Publisher’s record label or publisher (as applicable) and any other third parties, for use in conjunction with additional user promotions or offers they may run from time to time or in relation to the sale of other goods and services. You may unsubscribe from such promotions or offers or communications at any time by following the instructions set out in such promotion or offer or communication;

If you’re wondering whether Hancock has also started his own rock band or record label; spoiler — as far as we’re aware he hasn’t. Rather, as we understand it, the policy issued with the app was originally created for musician clients which Disciple more often works with (one example on that front: The Rolling Stones).

We also understand the privacy policy was uploaded in error to the Matt app, according to sources familiar with the matter, and it is in the process of being reviewed for possible amendments.

Tapping around in the app itself, other aspects also point to it having been rushed out — for example, expanding comments didn’t seem to work for some of the posts we tried. And three dots in the upper corner of photos occasionally does nothing; occasionally asks if you want to ‘turn off notifications’; and occasionally offers both choices; plus a third option of asking if you want to report a post.

Meanwhile, as others have pointed out, by calling the app after the man himself users get the unfortunate notification that “Matt Hancock would like to access your photos” if they choose to upload an image. Awkward to say the least.

Although it’s less clear whether reports that the app might also be breaching iOS rules by accessing users’ photos even if they’ve denied camera roll access stand up to scrutiny as iOS 11 does let users grant one-time access to a photo.

Hancock’s parliamentary office is deferring all awkward questions about the Matt Hancock App to Disciple. We know because we rang and they redirected us to the company’s contact details.

We wanted to ask Hancock’s people what user data his office is harvesting, via his own-brand app, and what the data will be used for. And why Hancock decided to build the app with Disciple (which the app’s press release specifies hasn’t been paid; the company is seemingly providing the service as a donation in kind — presumably for the hopes of associated publicity, so, er, careful what you wish for).

We also wanted to know what Hancock thought he could achieve by launching an own-brand app which isn’t already possible to do with pre-existing communication tools (and via constituency surgeries).

And whether the app was vetted by any government agencies prior to launch — given Hancock’s position as a sitting minister, and the potential for some wider reputational damage on account of the unfortunate juxtaposition with his ministerial portfolio.

Eventually a different Hancock staffer sent us this statement: “This app is ICO registered and GDPR compliant. It is consistent with measures in the Data Protection Bill currently before Parliament. And is App Store certified by Apple, using standard Apple technology.”

Re: GDPR, we suggest the minister reads our primer because we’re rather less confident than he apparently is that his app, as is, under this current privacy policy and structure, would pass muster under the new EU-wide standard (which comes into force in May).

As regards the why of the Matt app, the staffer sent us a line from Matt’s weekly newsletter — where he writes: “Working with a brilliant British startup called Disciple Media, I’ve launched this app to build a safe, moderated, digital community where my West Suffolk constituents and I can discuss the issues that matter to them.”

Hancock’s office did not respond to our questions about the exact data they are collecting and for what specific purposes (pro tip: That’s basically a GDPR requirement guys!).

But we’ll update this post if the minister delivers any further insights on the digital activity being done under (and in) his name. (As an aside, an email we sent to his constituency email address also bounced back with a fatal delivery error. Digital credibility score at this point: Distressingly low.)

Meanwhile, Disciple Media has so far declined to provide a public response to our questions — though they have promised a statement. Which we’ll drop in here when/if it lands.

The company is in the process of pivoting its business model from a revenue share arrangement to a SaaS monthly subscription — which a spokesman describes as “more ‘easy Squarespace for mobile/mobile web communities’ than ‘social media’”.

So — in theory at least — the business should be heading away from the need to lean on the data slurping of app users’ personal information to power marketing-generated revenues to keep the money rolling in. At least if it gets enough paying monthly customers (Hancock not being one of them).

We’re told it has relied on private investment thus far but is also actively seeking to raise VC.

Apple wants to gather all your medical records in the Health app

Apple announced a new health effort as part of iOS 11.3. The new Health Records section in the Health app lets you gather and view all your medical records. The company is partnering with hospitals and clinics.

Apple released the first beta version of iOS 11.3 today. While the new version of iOS is going to remain in beta testing for a couple of months, it should be available as a free download to all iPhone users pretty soon.

Health Records is going to be a new menu in the Health Data section of the Health app. You’ll be able to add any file to this menu as long as it’s a CDA file (Clinical Document Architecture). Some hospitals already email you those files or make them available on their website. But Apple wants to automate this process.

Johns Hopkins Medicine, Cedars-Sinai, Penn Medicine and others are already testing the feature with their patients. Health Records is based on FHIR (Fast Healthcare Interoperability Resources), a standard when it comes to data formats and APIs.

So it means that those hospitals and clinics will be able to push this data to your phone directly. You’ll receive a notification alerting you that you just received a new medical record. Data is encrypted on your phone and protected by your passcode.

And it looks very thorough based on the screenshot. You’ll be able to list your allergies, medications, immunizations and lab results in the Health app.

This could be particularly useful for patients who get a lot of lab results to track cholesterol or something else. Newest results appear at the top of the Healthcare Records timeline.

It’s going to be hard to convince every single hospital and clinic around the U.S. and around the world to adopt the new Health Records feature. But here’s a list of all the institutions participating in the beta test:

  • Johns Hopkins Medicine – Baltimore, Maryland
  • Cedars-Sinai – Los Angeles, California
  • Penn Medicine – Philadelphia, Pennsylvania
  • Geisinger Health System – Danville, Pennsylvania
  • UC San Diego Health – San Diego, California
  • UNC Health Care – Chapel Hill, North Carolina
  • Rush University Medical Center – Chicago, Illinois
  • Dignity Health – Arizona, California and Nevada
  • Ochsner Health System – Jefferson Parish, Louisiana
  • MedStar Health – Washington, D.C., Maryland and Virginia
  • OhioHealth – Columbus, Ohio
  • Cerner Healthe Clinic – Kansas City, Missouri

Learn how to build the iOS app you’ve been dreaming about

Make an app for that.

Have you ever had a brilliant idea for an app and wondered how hard it might be to actually build it yourself? Learn how to build the app of your dreams with The Complete iOS 11 & Swift Developer Course that’s $10 for a limited time. (It’s usually upwards of $200.)

Whether you’re a beginner or have some knowledge about app-building, this course can help you take things to that next level, like finally turning your idea into reality or making a career change.

Udemy’s all-time best-selling lecturer Rob Percival has helped more than 800,000 students and earns rave reviews due to his impeccable teaching style. With more than 34 hours of content spread across 249 lectures, The Complete iOS 11 & Swift Developer Course will provide you with a complete toolkit for designing your own apps with Swift 4, ARKit, MLKit, MusicKit, and the new Depth Photo API. You’ll also get to discover the ins and outs of XCode and Interface Builder, learn all about online storage with Parse, develop games with SpriteKit, and create Instagram and Snapchat clones. 

By the end of all the training, you’ll have built 20 different apps from scratch, and gained the confidence to venture into the lucrative world of app development on your own.