Tag: mobile computing

Articles – From the horse’s mouth

Google

A standard and certification program now exists for mobile application security

A New Standard for Mobile App Security (Google Security Blog post)

Internet Of Secure Things Alliance (ioXT)

ioXt Alliance Expands Certification Program for Mobile and VPN Security (Press Release)

Mobile Application Profile (Reference Standard Document – PDF)

My Comments

There is a constant data-security and user-privacy risk associated with mobile computing.

And this is being underscored heavily as a significant number of mobile apps are part of “app-cessory” ecosystems for various Internet-of-Things devices. That is where a mobile app is serving as a control surface for one of these devices. Let’s not forget that VPNs are coming to the fore as a data-security and user-privacy aid for our personal-computing lives.

Expect this to appear alongside mobile-platform apps to signify they are designed for security

But how can we be sure that an app that we install on our smartphones or tablets is written to best security practices? What is being identified is a need for an industry standard supported by a trademarked logo that allows us to know that this kind of software is written for security.

A group called the Internet of Secure Things Alliance, known as ioXT, have started to define basic standards for secure Internet-of-Things ecosystems. Here they have defined various device profiles for different Internet-of-Things device types and determined minimum and recommended requirements for a device to be certified as being “secure” by them. This then allows the vendor to show a distinct ioXT-secure logo on the product or associated material.

Now Google and others have worked with ioXT to define a Mobile Application Profile that sets out minimum security standards for mobile-platform software in order to be deemed secure by them. At the moment, this is focused towards app-cessory software that works with connected devices along with consumer-facing privacy-focused VPN endpoint software. For that matter, Google is behind a “white-box” user-privacy VPN solution that can be offered under different labels.

This device profile has been written in an “open form” to cater towards other mobile app classes that need to have specific data-security and user-privacy requirements. This will come about as ioXT revises the Mobile Application Profile.

Conclusion

The ioXT Internet-of-Secure-Things platform could be extended to certifying more classes of native mobile-platform and desktop-platform software that works with the Internet of Everything. The VPN aspect of the Mobile Application Profile can also apply to native desktop VPN-management clients or native and Web software intended to manage router-based VPN setups.

At least a non-perpetual certification program with a trademarked logo now exists for the Internet of Everything and mobile apps to assure customers that the hardware and software is secure by design and default.

Article

Your iPhone or iPad will have security and software-quality updates delivered separately from the main functionality upgrades

Apple Could Soon Split iOS Updates And Security Updates | Ubergizmo

My Comments

A trend that is increasing in relationship to software maintenance and quality assurance is to assure the ubiquitous availability of critical security, software-quality and compliance updates for a device or program. This is through delivering such updates under separate cover from major updates that primarily add features and functionality.

You may think of these critical updates as just security patches for the device or program but these can include general bugfixes, software refinements to to have the program run more efficiently or compliance modifications such as to update daylight-saving-time rules for a particular jurisdiction.

Microsoft, Google and Apple headed that way with Windows 10, Android and with MacOS respectively.  This approach benefits the software developer and the user equally because the security, software-quality or compliance patches are usually small files. The software developer can assure guaranteed delivery and installation even with older devices that aren’t able to take newer versions of the software thus hardening the device’s platform against security exploits.

Similarly the user can choose not to install a functionality update if they don’t see fit or may find that it offers a steep learning curve due to significant user-experience changes. It is more so where a user would rather run with a highly-stable version of the operating system than the latest “rushed-out” version that carries bugs.

Apple will be taking this approach with iOS soon. Previously, the iOS mobile operating system was maintained using the delivery of major versions offering major functionality. But Apple would deliver iOS bugfixes and security patches as a minor or “point” version dependent on a major version, something that was considered orthodox in the world of software maintenance and quality assurance.

But if they were to “reach” older iOS versions with a security or compliance update, they would need to offer a minor or “point” version for a prior major version as a separate software package. This is an issue that affects people who maintain older iOS devices, especially iPads or iPod Touch devices that are less likely to take newer major versions of iOS.

Through the development of iOS 14.5, Apple has looked in to the idea of “splitting” the critical updates from the main software package so that these can be delivered under separate cover. This could also allow Apple to package one of these updates to touch multiple major versions of the operating systems.

It could also be a chance for Apple to see a long service life out of iOS devices especially where older devices may not run the latest major version of iOS. This would be very applicable to iPad and iPod Touch users who see long-term use out of those devices or families who pass down older iPhones to their children. It could also be a chance for Apple to keep multiple hardened codebases for iOS going but able to support different device abilities.

It will also encourage Apple to deliver frequent software patches to iOS users especially if they can be installed without restarting the device. This is more so if Apple wants to create a tighter software-quality-assurance regime for their platforms.

But Apple also has to provide separate critical-update delivery to their tvOS operating system which drives their recent Apple TV devices and their watchOS operating system that drives their Apple Watch products. It can then be about creating a robust software quality-assurance approach across all of their products but catering to people who maintain older products.

Tineye – one of the most popular and useful reverse image search tools

Article

How To Do A Reverse Image Search From Your Phone | PCMag

My Comments and further information

Increasingly, most of us who regularly interact with the Internet will be encouraged to perform reverse-image searches.

This is where you use an image you supply or reference as a search term for the same or similar images on other Internet resources. It can also be about identifying a person or other object that is in the image.

Increasingly this is being used by people who engage in online dating to verify the authenticity of the person whom they “hit” on in an online-dating or social-media platform. It is due to romance scams where “catfishing” (pretending to be someone else in order to attract people of a particular kind) is part of the game. Here, part of the modus operandi is for the perpetrator to steal pictures of other people that match a particular look from photo-sharing or social-media sites and use these images in their profile.

It also is being used as a way to verify the authenticity of a product being offered for sale through an online second-hand-goods marketplace like eBay, Craigslist or Gumtree. It also extends to short-term house rentals including AirBnB where the potential tenant wants to verify the authenticity of the premises that is available to let.

As well, reverse image searching is being considered more relevant when it comes to checking the veracity of a news item that is posted online. This is very important in the era of fake news and disinformation where online images including doctored images are being used to corroborate questionable news articles.

How do you do a reverse image search?

At the moment, there are a few reverse-image-search engines that are available to use by the ordinary computer user. These include Tineye, Google Image Search, Bing Visual Search, Yandex’s image search function and Social Catfish’s reverse-image-search function.

A regular computer like this Dell Inspiron 14 5000 2-in-1 makes it easier to do a reverse image search thanks to established operating system and browser code and its user interface.

The process of using these services involves you uploading the image to the service including using “copy-and-paste” techniques or passing the image’s URL to an address box in the search engine’s user interface. The latter method implies a “search-by-reference” method with the reverse-image-search site loading the image associated with that link into itself as its search term.

Using a regular desktop or laptop computer that runs the common desktop operating systems makes this job easier. This is because the browsers offered on these platforms implement tabs or allow multiple sessions so you can run the site in question in one tab or window and one or two reverse-image-search engines in other tabs or windows.

These operating systems also maintain well-developed file systems and copy-paste transfer algorithms that facilitate the transfer of URLs or image data to these reverse-image-search engines. That will also apply if you are dealing with a native app for that online service such as the client app offered by Facebook or LinkedIn for Windows. As well, Chrome and Firefox provide drag-and-drop support so you can drag the image from that Tinder or Facebook profile in one browser session to Tineye running in the other browser session.

But mobile users may find this process very daunting. Typically it requires the site to be opened and logged in to in Chrome or Safari then opened as a desktop version which is the equivalent of viewing it on a regular computer. For Chrome, you have to tap on the three-dot menu and select “Request Desktop Site”. For Safari, you have to tap the upward-facing arrow to show the “desktop view” option and select that option.

Then you open the image in a new tab and copy the image’s URL from the address bar. That is before you visit Google Image Search or Tineye to paste the URL in that app’s interface.

Google has built in to recent mobile versions of Chrome a shortcut to their reverse-image-search function. Here, you “dwell” on the image with your finger to expose a pop-up menu which has the “Search Google For This Image” option. The Bing app has the ability for you to upload images or screenshots for searching.

Share option in Google Chrome on Android

If you use an app like the Facebook, Instagram or Tinder mobile clients, you may have to take a screenshot of the image you want to search on. Recent iOS and Android versions also provide the ability to edit a screenshot before you save it thus cutting out the unnecessary user-interface stuff from what you want to submit. Then you open up Tineye or Google Image Search in your browser and upload the image to the reverse-image-search engine.

How can reverse image searching on the mobile platforms be improved

What can be done to facilitate reverse image searching on the mobile platforms is for reverse-image-search engines to create lightweight apps for each mobile platform. This app would make use of the mobile platform’s “Share” function for you to upload the image or its URL to the reverse-image-search engine as a search term. Then the app would show you the results of your search through a native interface or a view of the appropriate Web interface.

A reverse-image-search tool like Tineye could be a share-to destination for mobile platforms like iOS or Android

Why have this app work as a “share to” destination? This is because most mobile-platform apps and Web browsers make use of the “share to” function as a way to take a local or online resource further. It doesn’t matter whether it is to send to someone else via a messaging platform including email; obtain a printout or, in some cases, stream it on the big screen via AirPlay or Chromecast.

The lightweight mobile app that works with a reverse-image-search engine answers the reality that most of us use smartphones or mobile-platform tablets for personal online activity. This is more so with social media, online dating and online news sources, thanks to the “personal” size of these devices.

Conclusion

What is becoming real is reverse image searching, whether of particular images or Webpages, is being seen as important for our security and privacy and for our society’s stability.

Article

Google Fast Play could open up an improved point-to-point data transfer experience to Android smartphones

Google working on ‘Fast Share,’ Android Beam replacement and AirDrop competitor [Gallery] | 9To5Google.com

Fast Share is Google’s Android Beam replacement: Here’s what you should know | Android Authority

My Comments

Google is to provide as part of the Android platform a new “open-frame” point-to-point data-transfer solution. This solution, known as Fast Share, implements Bluetooth and peer-to-peer Wi-Fi to transfer text, pictures, Weblinks and other resources.

The Android platform had two different peer-to-peer data-transfer solutions previously. The first of these was the Bluetooth profile that was implemented by Symbian, Microsoft and others to transfer pictures, contact details and the like since the rise of the feature phone. The second of these was the Android Beam which used NFC “touch-and-go” as a discovery method and initially used Bluetooth but moved towards peer-to-peer Wi-Fi as a transfer method.

This was while Apple was using AirDrop across their ecosystem which included iPhones and iPads. In Apple’s true style, it was part of keeping as many users on the iOS platform and you couldn’t do things like transfer to other mobile or desktop platforms.

Google is intending to have Fast Share as part of their Play Services software package rather than being “baked in” to a particular version of the Android operating system. Here, Fast Share can be run with Android devices running older versions of the operating system which is a reality with a significant number of phones where the manufacturer won’t provide support for newer Android versions on particular models.

Advance images of this concept shown on the Web are underscoring a tentative plan to port it to their own ChromeOS and Apple’s iOS operating systems. If Microsoft and Apple are interested, it may be seen as a way for Windows or MacOS regular-computer users to share resources across the room on an ad-hoc basis. As well, Google could look at how Fast Share can be implemented in a “headless” form whether for sending or receiving the data.

You will have the ability to share file-based resources like photos, videos, PDFs or vCard-based contact-information files along with URLs pointing to Web-hosted resources or snippets of text. This will satisfy most usage requirements like sharing family snapshots, contact details or Weblinks.

There will be the option to give a sender “preferred visibility” status so they can discover your phone when you are near them. This status means that they will see your device if you aren’t running the Fast Share app. Of course, users can turn Fast Share on and off as required, preferably with the idea of turning it off when using the phone in a public place unless they expect to receive something. You also have the ability to decline or accept incoming files so you have some control over what you receive.

The core issue with Google Fast Share and similar point-to-point across-the-room file-transfer platforms is that they have to work in a truly cross-platform manner so you don’t have to worry whether your friend sitting in that armchair across from you is using an iPhone or Android device when you intend to send that photo to them or share your contact details.

There needs to be software-wide support for determining when a laptop like the Dell Inspiron 13 7000 2-in-1 is on battery power or not so it runs in a manner to conserve battery power

I had read a Lifehacker article about how one could disable real-time malware scanning on a laptop while it is running on battery power as a way to “spin out” the battery runtime further. This was because if the desktop-security program is performing real-time scanning, it would be using a processor thread and demanding more power to do that job.

It is in addition to Microsoft researching ways to minimise screen refreshing while a portable computer is running on batteries so as to conserve battery power. Here, it was about avoiding the need for the CPU and graphics infrastructure to devote lots of energy to “painting” the whole screen when there is a small amount of animation taking place.

Here, I am advocating a “dual-power” approach for software development to allow software to operate in two different modes – a high-performance mode and a power-economy mode. The operating system would sense if the computer is running on external power or battery power and convey this power status to the software applications accordingly. This is in addition to optimising the display, Wi-Fi or other functionality depending on their power source.

It also applies to smartphones like this Samsung Galaxy S8 Plus so they can take advantage of time they are connected to a charger

It is similar to how some portable electronics made through the 70s to the 90s operated depending on the power source. For example some portable radios and boomboxes along with some personal audio players would have the dial or display illuminated while they were connected to external power but you could activate this lighting at the press of a button if the unit was running on batteries. Or some devices would charge rechargeable batteries installed therein while they were connected to external power.

Also there is a reality that most of us will plug our laptops, tablets or smartphones in to a charger while we are at home, in the office or in the car even while we have a full battery in our devices. This is typically to “spin out” the battery runtime and make sure the battery’s “topped off”. In this situation, if we use our devices while they are plugged in to the external power source, we could see a situation where they work in a higher-performance mode.

For example, a game could activate extra “between-move” animations only while the laptop, tablet or smartphone is connected to external power. Or a program which does a lot of calculations like a photo-editing program could work in a “high-performance” mode while on external power. Similarly an email client or similar program could work in a “manual refresh” mode on battery power or an endpoint security program could enable real-time scanning and similar functionality only while on external power.

Games like Candy Crush Saga could work in a manner to provide the best experience depending on if the mobile device is connected to external power or not

What needs to happen is for the desktop or mobile operating system to convey the device power-mode status to all of the apps as part of an “application-programming-interface” hook and for the apps to take advantage of that hook to adapt their behaviour.  The functionality could be enabled or disabled for each application through a configuration option in the application’s settings window.

A security issue that can easily be raised is enablement of unwanted cryptomining and other processes while the mobile device is on external power as a way to facilitate stealthy operation of these processes. This is to make it appear to the user that the unwanted processes don’t exist because there isn’t the excessive battery drain taking place with these processes.

In the privacy context, determining whether a device is running on external power could be used to assume whether the device is at a fixed location or not because AC mains power is the common power source associated with these locations. This is although external power supplies can be used in a mobile context such as being connected to a vehicle’s, boat’s or aircraft’s power infrastructure and used while underway for example.

What is being highlighted here is for the feasibility for operating systems in portable computing devices to convey a system-wide power-mode status relating to use of external power. This is to allow application software to work in a manner to conserve the host computer’s battery power.

USB-C as the power connection for a Dell XPS 13 2-in-1 Ultrabook

I have given a fair bit of space on HomeNetworking01.info to the USB-C host-peripheral connection type since it was launched. It was more to do with a simplified high-throughput high-reliability connection type that will grace our computers, smartphones and similar devices.

But just lately I had upgraded to a new Samsung Galaxy S8+ Android smartphone due to my previous smartphone failing. But I had some previous experience with the USB-C connection through my reviewing of the Dell XPS 13 2-in-1 convertible Ultrabook, which was powered using USB-C as its primary connection type. The previous Android smartphones that I had before implemented a USB microAB connection for their power and data-transfer needs and recent iterations of Android which I experienced on the Galaxy Note series of phones supported USB OTG host-operation modes.

Samsung S8 Plus Android phone using USB-C connection for power and data

The main feature that I liked was the simple approach to connecting devices to my phone. Here, I didn’t have to worry about which way the cable plugged in to my phone, something that was important when it came to connecting it to a charger or power pack.

A situation I was previously encountering with the USB micro-B connector on the previous phones was the need to replace USB cables due to the USB micro-B plug wearing out in the USB micro-AB socket in these phones due to frequent connection and disconnection. This would be typical in relationship to connecting a phone up to a charger for charging then subsequently disconnecting it from the charger for regular use. Then I ended up buying replacement USB A to USB micro-B cables to remedy this problem.

Now I am ending up with a sure-fire connection experience for USB devices similar to using the regular USB connections commonly fitted to regular computers or peripherals.

That situation was often brought on through the use of leaf-spring-type lugs on the USB micro-B connector that were used to make sure the plug fitted properly in the common USB micro-AB socket fitted to smartphones. Here, they can easily wear out and lose their springiness through repeated use. The USB-C connector doesn’t make use of those leaf springs to secure the plug in the socket thanks to it being one plug design for data input and output.

USB-C also works for connecting this phone to a memory card reader for reading photos from my camera

Another benefit that I have experienced is the ability to use the same kind of connector whether the phone is to be a host to a peripheral or to be connected to another computer device. This avoids the need to worry about having to use a USB OTG cable if, for example, I wanted to use a photo from my camera’s SD card to post on Instagram. But I still needed to use a USB-A (female) to USB-C adaptor with the SD card reader but would find this useful if I wanted to use the SD card reader or a USB memory key with any USB-C host device.

Again, I wouldn’t need to worry about which way the cable plugged in to a computer or smartphone equipped with this connector. This can come in handy if I was dealing with USB memory keys attached to keyrings or USB peripherals hanging off a USB cable.

Personally, I see the USB Type-C connection appearing as a viable connection type for laptops, tablets and smartphones especially where these devices are designed to be slim.

One way this connection can be exploited further would be for smartphone manufacturers to install two USB Type-C connectors at the bottom of their products. Similarly, a USB battery pack with USB Type-C connectivity could have have three USB-C sockets and have USB hub functionality. This could then allow for multiple devices to be connected to the same host device.

This article will be built out further as I deal with more connection setups that are based around the USB Type-C connector.

Article

Chromecast is now getting built into hotel TV systems | PC World

From the horse’s mouth

Sonifi

Press Release

Product Page

My Comments

The Google Chromecast HDMI dongle is still seen as a way to throw video and audio content to your TV from your Android mobile device or Google Chrome browser with some support for it on an app level for iOS devices. Dedicated Apple users will see something similar going on when they use the Apple TV device and invoke AirPlay to run video content from their iOS device to their TV.

These devices can be used on a hotel room’s TV but there is a lot of difficulty getting them to work with a hotel’s Wi-Fi-based guest-access network. This is typically because most of these guest-access networks require a Web-based authentication routine for your device along with the proper design practice to isolate client devices from being discovered by each other.

Sonifi have answered this problem by developing the SoniCast technology which provides Google Cast (Chromecast streaming) services for a hotel guestroom TV. This requires the client laptop, tablet or smartphone to be connected to the hotel’s guest-access network as if to benefit from Internet access there. There is software in place that allows you to only discover and stream content to the TVs that are in your room or suite so you can’t stream to the TVs in neighbouring rooms.

Initially, a hotel could provision Netflix, Spotify, Hulu or the like by having support for these services on the guestroom TVs thanks to either a Smart TV or a set-top box. This required guests to enter their service credentials using the “pick-and-choose” method of typing in text on a TV – how long does that take to enter a typical email-address and password using that D-pad! These systems would “clear the slate” and log guests out when they check out of the hotel.

But this Chromecast-based solution allows you to keep your credentials for these services on your phone or tablet and the authentication for the services takes place at your device. As well, you are effectively working the online services like your Netflix queues or Spotify playlists using the apps installed on your mobile device.

A question I would like to raise is whether Sonifi will extend the SoniCast platform to work with Apple’s AirPlay streaming platform, Spotify Connect audio streaming or even the DLNA media-controller concept. With Apple, this may be seen as a difficult ask but DLNA and Spotify Connect could add extra value to the SoniCast “BYO media” platform.

At least I see this as a step in the right direction for tight integration between the hotel guestroom’s TV and a guest’s own computing devices.