Just a quick note that Stephen’s tutorial on building encrypted iPhone applications with SQLCipher has been published by the fine folks at Mobile Orchard. Thanks, Dan!
Just a quick note that Stephen’s tutorial on building encrypted iPhone applications with SQLCipher has been published by the fine folks at Mobile Orchard. Thanks, Dan!
GUID collision
inevitable, but we
live with the odds
Lifted from Mr. Kradel. I know, I cheated a little.
Dan Grigsby has put together a helper for doing simple Facebook status updates from an iPhone app with a minimal amount of fuss.
Ignore the pirate-speak, that’s my lang setting on Facebook
- (void)session:(FBSession*)session didLogin:(FBUID)uid {
fbHelper.status = @"is learning to set Facebook status programatically from an iPhone";
}
Most excellent.
Received in email from Apple:
As a developer actively working with iPhone OS, we would like your help in a private test of the Apple Push Notification service. For this test, we have selected AOL’s AIM Developer Preview for iPhone OS 3.0 to create a high-volume test environment for our servers.
I wonder if they are hoping to drum up interest and adoption of PNS, which has received a luke-warm reception from many developers. Putting that aside, I’m surprised to see Apple asking the developer community for help, pro bono. Considering how consistently poorly they treat third-party developers, that’s some nerve.
At the WWDC yesterday Apple announced the upcoming availability of their iPhone 3G S. In addition to a host of speed optimizations and new OS features Apple announced some new security features for the 3G S models: “Hardware Encryption” and remote wipe.
Ostensibly, the plan is that if your phone were lost or stolen you could issue a remote wipe and be confident that your data couldn’t be accessed. This is a feature that security conscious companies expect based on their experiences with BlackBerry’s “Erase Data and Disable Handheld” feature.
It’s interesting, however, to take a close look at careful wording Apple has used in their communications about the feature:
“iPhone 3G S offers highly secure hardware encryption that enables instantaneous remote wipe. You can even encrypt your iTunes backups.”
It almost sounds like the “whole device” encryption is primarily used to drive the remote wipe feature, not as an active security measure in its own right. If the encryption were used behind the scenes to secure the data on flash, then the remote wipe operation may not delete data. It could just remove the key and the device would “instantaneously” be rendered inoperable.
If that is the approach used there are some potential security implications:
This is all wild speculation of course, since very few substantive details have been released. While there is no doubt that the encryption features will enhance iPhone device security, it remains to be seen how the practical improvements will compare to the launch hype. I strongly suspect that highly sensitive information storage will still require dedicated security applications.