iPhone Tracks Your Every Move, and There’s a Map for That

An unencrypted file stored in iPhones and iPads constantly records a user's location data. An open source application was used to plot the location data from an iPhone belonging to a Wired.com reporter.

Your iPhone or 3G-equipped iPad has been secretly recording your location for the past 10 months.

Wired.com can confirm that fact: The screengrab above shows a map containing drop pins of everywhere yours truly has been in the past year.

Software hackers Peter Warden and Alasdair Allan discovered an unencrypted file inside Apple’s iOS 4 software, storing a long list of locations accompanied by time stamps. The file is labeled “consolidated.db.”

“Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” Warden and Allan wrote. “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

Warden is providing an open source program “iPhone Tracker” for iPhone and 3G iPad customers to output their location file into an interactive map, like the one above, so they can see for themselves. All you have to do is plug in your iDevice through USB and run Warden’s application. The software requires OS X 10.6 (Snow Leopard).

The iPhoneTracker application features a sliding bar for users to see where they were in specific times of the year.

Apple did not immediately respond to a request for a comment. Apple has not previously disclosed that iPhones and iPads are constantly tracking and storing user location.

The discovery is the latest in a series of alarming incidents that serve as cautionary tales about privacy in the always-connected mobile era.

Recently, German politician and privacy advocate Malte Spitz sued his phone carrier Deutsche Telekom to get every piece of information it had about him. The carrier delivered to him a gigantic file containing 35,000 data points of his location for six months. Later, a German publication plotted Spitz’s data onto an interactive map.

This iPhone and iPad privacy leak is eerily similar, and creepier, considering that Apple has sold over 100 million iPhones and 15 million iPads.

The location data stored inside “consolidated.db” cannot be accessed by Safari or any apps, said Charlie Miller, a security researcher known for discovering vulnerabilities in the iPhone. However, the data file is sensitive because a thief who gains physical access to an iPhone or iPad could look at the file and see everywhere a customer has been, or a hacker could remotely break in and read the file, Miller said.

It’s not simple for a hacker to remotely access an iPhone to get to that file. But in the past, Miller found an exploit that would allow a hacker to hijack an iPhone just by sending a text message to it containing malicious code. Apple later patched that exploit, but security researchers say there are plenty of vulnerabilities in the wild left unaddressed.

Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, said it is possible Apple is violating the Wireless Communications and Public Safety Act, which allows telecom carriers to provide call information only in emergency situations.

“By asking for permission to collect location data, Apple may be trying to get around its legal obligations, by asking people to give up privacy rights they don’t even know they have,” Nissim said.

She added that a potential privacy concern is that law enforcement would be able to subpoena these types of records from people’s iPhones or iPads.


AT&T Lacks PlayBook Bridge Support for BlackBerry Smartphone Users

RIM's PlayBook tablet has already taken much heat for launching without crucial features. Photo: Jon Snyder/Wired.com

The only way to access e-mail, calendar and contact information on the BlackBerry PlayBook without using a browser is with an app called BlackBerry Bridge, which links Research in Motion’s tablet to BlackBerry smartphones.

Too bad that AT&T subscribers can’t use it yet.

BlackBerry users on AT&T’s network are out of luck when it comes to Bridge, as AT&T is currently the only carrier that does not support the app on BlackBerry smartphones. That means they’re stuck with either e-mail access via web browser on the PlayBook, or sticking to their phones for native e-mail access.

As one Crackberry.com user noted, the flagship BlackBerry smartphone on AT&T — the BlackBerry Torch — can’t even be bridged.

Initial speculation on AT&T’s lack of support suggested the company didn’t want BlackBerry users to take advantage of tethering the PlayBook to their phone’s data plan without paying for it, as Crackberry.com’s Adam Zeis wrote.

But AT&T provided Wired.com with a statement, quashing the speculation:

AT&T is working with RIM to make the BlackBerry Bridge app available for AT&T customers. We have just received the app for testing and before it’s made available to AT&T customers we want to ensure it delivers a quality experience.

When asked if AT&T would charge its BlackBerry smartphone customers for using Bridge as a data-tethering connection to the PlayBook, AT&T would not comment further, restating that it “just received the app for testing.”

RIM has already taken flak for rushing the PlayBook to market without crucial features.

There is, however, an unofficial workaround for AT&T subscribers. Apparently, AT&T is only blocking the download of the app itself from App World, and not the actual bridging process between devices, as Crackberry.com points out.

RIM’s PlayBook has been heavily criticized for its lack of native e-mail applications. The company has tried to downplay its significance in press interviews, as evidenced by CEO Jim Balsillie’s comments in a recent Wall Street Journal interview:

“A lot of people who want [the PlayBook] will pair it freely and securely off their BlackBerries [by tethering it via Bridge]. Because it’s a full web [environment], you don’t need a specific mail client for all your Webmail, and most people do use Webmail.”

Though RIM is still hedging its bets for the crowd that wants that specific mail client: A “standalone, nonweb, nonpaired e-mail client” will be made available to the PlayBook within the next 60 days, Balsillie told The Journal.


Hands-On With LG’s Latest Android Phone, the G2X

LG’s G2X is the American version of the Optimus 2X, which has already been released in Europe. Photo: Jon Snyder/Wired.com

Along with the Motorola Atrix, LG’s G2X is one of the first dual-core smartphones powered by Nvidia’s Tegra 2 processor to hit the market. Our first impression after getting our hands on it: Two cores really are better than one.

As soon as we picked the phone up and started scrolling through the app menus, the phone’s speed was immediately noticeable. Switching back and forth between different menu screens was speedier than ever. Playing the Halo-like pre-loaded app “Nova” was a super smooth experience, as the game ran with minimal choppiness while handling some fairly intense animations.

What’s worrisome, however, is the relatively small amount of RAM that comes in the G2X. With such a powerful processor under the hood, we’re a bit surprised the phone only comes with 512 MB of RAM installed. That might not prove to be enough for future resource-hungry apps and games. For now though, the phone ran the games we played like a charm.

Instead of rolling its own custom user interface, LG went with a stock version of Android 2.2 (Froyo) for the G2X. Frankly, not having to deal with another manufacturer’s skin is a big plus for us: Interfaces like HTC’s Sense or Motoblur just feel chunky compared to the bare-bones version of the OS. And although it’s not running the latest version of Android (Gingerbread) quite yet, it’s slated to receive the OS update sometime this summer.

The 4-inch capacitive touch screen displays color brilliantly, and the 8-megapixel back-facing camera takes some of the best camera phone shots we’ve seen yet (not to mention that 8 megapixels is one of the highest smartphone camera resolutions on the market now). A 1.3-megapixel front-facing camera comes ready for video chat using T-Mobile’s Qik app.

HDMI output on the phone allows you to connect it to a flatscreen, so you can watch 1080p video from your phone. The camcorder also supports 1080p video recording, and DLNA means wireless playback on compatible devices.

The phone comes with 8 GB of internal storage (a relatively small amount if you’ve got a big music library), upgradable to 32 GB via microSD card slot.

An interesting quirk: the phone’s power button is on the right-hand side of the top edge. If you’re right handed like I am, it can be a bit disorienting to reach for a button on the left-hand side that just isn’t there.

T-Mobile’s network performance on the phone was adequate, though left us wanting. T-Mobile markets its HSPA+ as “4G” — a term which has grown murkier in the recent past — with “theoretical peak download speeds reaching 21 Mbps and peak upload speeds of up to 5.7 Mbps.” Our average over two days of testing in the San Francisco Bay Area was significantly less than that optimistic “theoretical peak,” with download speeds in the 3.5 to 5.5 Mbps range, and upload speeds anywhere from 0.2 Mbps to 1.8 Mbps. 4G coverage was spotty at best outside of San Francisco proper, and the phone dropped two of the ten or so calls I made over the weekend.

Dual-core processors are hot this year. Motorola’s Atrix was the first to drop in February, and HTC’s dual-core Sensation 4G is scheduled for a mid-May release in the U.K. And as recently as last week, reports suggest that Samsung may produce a dual-core smartphone offering by next year.

Will the dual-core trend continue? If the speed of the LG G2X is any indication, we sure think so.


Skype’s Android App Could Expose Your Personal Details

User details such as your name, birthday and address can be accessed in a security loophole on Skype for Android. Photo courtesy of Skype

A recently discovered security flaw in Skype for Android mobile devices could give prying eyes a peek at your personal data, including full name, date of birth and contact information.

Using a custom-made app to test Skype Video for security issues, mobile blog Android Police discovered a simple exploit that gives access to many sensitive user details in the current version of Skype for Android.

After downloading and analyzing a leaked version of Skype Video, which appeared earlier in the week, Android Police blogger “Justin Case” discovered how poorly the app protected user data.

He was able to access user data with some custom software to break through the Skype app’s security. After testing this on the currently released version of Skype video for Android — which has been in wide release since October 2010 — he found that it contains the same security issues.

The exploit gains access to the file “main.db” in the Skype directory. This file holds sensitive information such as your first and last name, birthday, billing address, e-mail addresses, home and cellphone numbers. Information on all the people in your address book is accessible through the contacts database, and all stored chat logs are also accessible through the chat database.

The custom app, which the Android Police named “Skypwned,” doesn’t require root access to the phone in order to exploit Skype’s security loophole.

“This means that a rogue developer could modify an existing application with code from our proof of concept (without much difficulty), distribute that application on the Market, and just watch as all that private user information pours in,” Android Police wrote.

The loophole doesn’t appear to be showing in the Skype Mobile for Verizon version of the app, according to Android Police.

Skype provided Wired.com with a statement, claiming it was working to address the vulnerability:

It has been brought to our attention that, were you to install a malicious third-party application onto your Android device, then it could access the locally stored Skype for Android files.

These files include cached profile information and instant messages. We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application.

To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device.

This isn’t the first time Skype has taken heat on security issues. In March, advocacy group Privacy International called upon Skype to tighten up some of its security measures in a vehemently worded blog post. The blog post cited the ease with which a Skype user can imitate other users, as well as a lack of HTTPS-level protection for its downloads.

The blogger who detected the security issue suggests three ways for Skype to fix it: the use of proper file permissions, the institution of an encryption scheme and a thorough security review of the company’s apps before their release.
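
A minimal audit for the class of issue described above, as an added example (not Skype's or Android Police's code): it flags files and directories in an app data directory that other users on the device can access (on Android, each app runs under its own user ID), then tightens them to owner-only. Apart from the file name `main.db`, the directory layout, the other file names and the function names `build_sample`, `audit` and `harden` are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

# Permission bits that grant access to users other than the owner and group.
WORLD_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def build_sample():
    """Create a constructed app data directory with over-permissive modes."""
    root = tempfile.mkdtemp(prefix="appdata_")
    profile = os.path.join(root, "files", "example_user")
    os.makedirs(profile)
    # Constructed sample: the database and its journal are world-readable and
    # world-writable; config.xml already has owner-only permissions.
    layout = {"main.db": 0o666, "main.db-journal": 0o666, "config.xml": 0o600}
    for name, mode in layout.items():
        path = os.path.join(profile, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    # World-traversable directories are what let another user reach the files.
    for d in (profile, os.path.join(root, "files"), root):
        os.chmod(d, 0o755)
    return root


def audit(root):
    """Return sorted (relative_path, octal_mode) for entries other users can access."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about its target
            if st.st_mode & WORLD_BITS:
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((os.path.relpath(path, root), mode))
    return sorted(findings)


def harden(root):
    """Restrict every directory to 0700 and every regular file to 0600."""
    for dirpath, _dirs, files in os.walk(root):
        os.chmod(dirpath, 0o700)
        for f in files:
            path = os.path.join(dirpath, f)
            if not os.path.islink(path):
                os.chmod(path, 0o600)


if __name__ == "__main__":
    sample = build_sample()
    try:
        for rel, mode in audit(sample):
            print("accessible to other users:", mode, rel)
        harden(sample)
        print("findings after hardening:", audit(sample))
    finally:
        shutil.rmtree(sample)
```

The database's sidecar files matter as much as the database itself: a journal left readable can expose the same records even after `main.db` is locked down.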


Windows Phone 7: Still a Small Player, But Software Blazes Ahead

WP7-installed mobile devices are subjected to automated testing cycles. Photo: Mike Kane/Wired.com

Microsoft’s new Windows phone platform hasn’t gained much momentum in the market, but the company is rapidly revising the operating system in an effort to catch up with rivals.

The company on Wednesday at its MIX developer conference detailed the upcoming software update for Windows Phone 7, dubbed “Mango,” due for release this fall.

The software update will be compatible with all smartphones running Windows Phone 7. Microsoft’s new OS is available on some smartphones from hardware partners including LG, Samsung, HTC and Dell.

Microsoft’s Windows Phone 7 is the software giant’s complete do-over on a mobile OS, after its predecessor, Windows Mobile, took a big hit in market share in the wake of Apple’s iPhone and Android-powered smartphones.

Notably, the Mango update will introduce multitasking for background processing, file transfers and fast app switching, similar to Apple’s iOS multitasking.

Also, third-party apps will be able to take advantage of some of the sensors inside Windows Phone 7-powered hardware, including the camera and motion sensors, for programmers to create augmented-reality applications. Some other core features of Windows Phone 7 include copy and paste and multimedia messaging.

“The next release of Windows Phone represents the evolution of our strategy for ensuring that developers are at the forefront of ‘what’s next’ by investing in even richer customer experiences, a powerful application platform and a thriving ecosystem,” said Joe Belfiore, corporate vice president of Windows Phone, in a statement.

Indubitably, Apple and Google will continue issuing software updates for their mobile operating systems too. But it’s worth noting that copy and paste didn’t appear on Apple’s iPhone until version 3.0, and multitasking and fast-app switching came in version 4.0. Windows Phone 7 has only been on the market since November 2010, and it’s going to be delivering all those features after less than a year.

The nimble pace of Windows phone upgrades shows how seriously Microsoft is investing in the new Windows Phone 7 platform, despite its paltry sales estimates. That intensity may be partly spurred by anticipation of its impending partnership with Nokia.

Microsoft and Nokia recently announced their plans to sell Windows Phone 7-powered Nokia phones together. Given Nokia’s position as the world’s largest cellphone manufacturer, this partnership should provide a significant springboard for Windows Phone 7 to gain presence worldwide.

The first Nokia Windows phones won’t ship until 2012, and at the pace Microsoft is moving with Windows Phone updates, it will be interesting to see how much the mobile space changes once that partnership comes to fruition. Research firm IDC predicts that Windows Phone 7 will be the No. 2 player in the smartphone market by 2015.


Rumor: White iPhone 4 to Land in Stores End of April

Apple has delayed the white iPhone 4 multiple times due to unspecified manufacturing problems. Photo: Jon Snyder/Wired.com

Apple is finally releasing the white model of the iPhone 4, almost a year behind schedule, according to a report.

Multiple sources told Bloomberg that Apple was preparing to release the white iPhone 4 by the end of April for both the Verizon and AT&T networks, 10 months after the black model debuted.

Apple said earlier this year that the white iPhone 4 was delayed until this spring because of manufacturing problems, but never specified the issue. One source tells Bloomberg that one problem was the white paint peeling under heat.

The different color option could provide a possible alternative to buyers eagerly awaiting the fifth-generation iPhone, which may not be released this summer. Sources told Apple blogger Jim Dalrymple that an iPhone 5 would not be introduced at the Worldwide Developers Conference in June, even though iPhone upgrades have traditionally been launched at this annual event.

For Apple, releasing an iPhone 5 later would make sense, because it would give the white iPhone, as well as the two-month-old Verizon iPhone 4, more shelf life.


Windows Phone 7, You Were Supposed to be Great. So What Happened? [Phones]

“Windows Phone 7 is the most aggressively different, fresh approach to a phone interface since the iPhone.” We published those words half a year ago, hoping WP7 would be a radical firebrand in phone land. But it’s stalled. We’re disappointed.

The Rebels Have Hacked Gadhafi’s Cellphone Network [Libya]

When Colonel Gadhafi seized control of the internet and jammed cellular networks, it left 2 million Libyans without secure wireless communication to each other or the world. It also caused mayhem for the rebels, who were left coordinating their battle fronts with only hand signals, “a throw-back that proved disastrous,” says the WSJ.

iPhone or iSpy? Feds, Lawyers Tackle Mobile Privacy

Some iPhone apps ask you for permission to track your geographical location. However, some apps pull such data without your approval. Photo: Jon Snyder/Wired.com

If people want to know everything about you, they need look no further than your smartphone. It contains a host of your personal information and leaves a trail of digital footprints everywhere you go.

A proposed class-action lawsuit filed last week alleges that Apple and a handful of app makers are invading user privacy by accessing personal data from customers’ smartphones without permission and sharing it with third-party advertisers.

Concurrently, federal prosecutors in New Jersey are investigating whether several smartphone app makers, including Pandora, are transmitting customer information without proper disclosure. Separately, Congress is mulling legislation aimed at giving consumers the option to tell companies not to track their personal data.

“I’m glad this is coming to light, because I think consumers are waking up to the tracking that’s going on with a computer, but I think there’s an extreme lack of knowledge about the tracking on your iPhone or your iPad,” said Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, which is not involved in the lawsuit.

Plaintiffs Natasha Acosta and Dolma Acevedo-Crespo on April 7 filed a civil complaint against Apple and eight companies providing iPhone or iPad apps, accusing them of violating the Computer Fraud and Abuse Act by intentionally accessing customer information without their authorization. The complaint seeks class-action status on behalf of every iPhone or iPad user who has installed one of the defendants’ apps over the last four years.

Well-known apps named in the lawsuit, which was filed in the district of Puerto Rico, include music-streaming service Pandora, and Dictionary.com.

The complaint accuses both Dictionary.com and Pandora of sharing an iPhone user’s unique device identifier, age, gender and location with third parties, including advertisers. Neither Pandora nor Dictionary.com is a service that relies on location, the complaint notes.

The lawsuit cites as evidence an ongoing independent investigation by The Wall Street Journal, which tested 101 apps and found that 56 transmitted the phone’s UDID to third parties without user awareness or consent.

An iPhone does not transmit a customer’s real name, but Apple and third-party apps can identify a device with a string of unique numbers, known as the unique device identifier (UDID).

The problem is, with a UDID and other personal information such as location, age and gender data, a company could easily piece together the real identity of a smartphone user and sell that information to marketers, explained John Nevares, a lawyer representing the class-action complaint.

“When you put those together they’re able to transfer to a third party all your personal information so they can contact you later on and try to sell you something,” Nevares said. He added that this type of activity constitutes fraud and deceptive practices.

EPIC’s Nissim echoed Nevares’ concerns.

“There hasn’t been a lot of recognition that that type of identified number should be treated as personally identifiable information,” Nissim said. “If it’s combined with other information it could be used to identify you, and it becomes a gold mine of data for advertisers.”

Also as a result of The Wall Street Journal’s investigation, a federal grand jury has issued subpoenas to multiple iPhone and Android app makers, including Pandora and Anthony Campiti, creator of the Pumpkin Maker iPhone app. Pumpkin Maker, which is also named in the New Zealand class-action complaint, is an app that allows customers to carve virtual jack-o’-lanterns. The WSJ found that this app shares UDID and location data with advertisers.

The federal investigation is significant, because it could result in criminal charges against companies accused of committing fraud, the WSJ notes. However, it’s rare that companies get charged with criminal offenses, so the investigation may evolve into a civil issue, meaning companies could be forced to pay monetary damages and promise to cease these practices.

“They’re just doing information-gathering to get a better understanding” of the industry, Campiti told WSJ. “We’re not doing anything wrong and neither is anyone else doing anything wrong.”

Apple declined to comment on this story.

However, an Apple spokeswoman referred Wired.com to Apple’s privacy policy, which states, “We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.”

Issues of mobile privacy are not unique to the United States. In Germany, politician and privacy advocate Malte Spitz sued his carrier, Deutsche Telekom, to get all the information it had on him.

The telecom giant handed over to Spitz a gigantic file revealing it had tracked him 35,000 times between August 2009 and February 2010 — enough data points for German newspaper Die Zeit to compile an interactive map and video tracking his every move for six months.

In response to the Spitz incident, two U.S. Congressmen are urging American phone companies AT&T, Verizon, Sprint and T-Mobile to disclose their data collection practices.


HTC’s New Android Phone to Offer Netflix-Like Video Service

HTC revealed its latest high-end Android smartphone offering, the Sensation 4G, on Tuesday. Along with the phone, the Taiwanese electronics manufacturer is also debuting its new mobile media rental-and-purchase service, HTC Watch.

The Sensation will debut in Europe in mid-May alongside HTC’s tablet offering, the Flyer, and in Britain, Germany and other European markets in June. HTC Watch will be available on both devices, and will launch with over 500 titles. Users have the option to either rent or buy movies on Watch, but purchased videos can be viewed on up to five different HTC devices.

The Sensation and Flyer will arrive on American shores later — in the summer. The Sensation 4G will be exclusive to T-Mobile’s HSPA+ network. (Whether you consider HSPA+ to be 4G or not, however, is another issue.)

The new media service, HTC Watch, highlights the media-hub qualities of the Sensation’s hardware. The phone will sport a massive 4.3-inch LCD screen, and the 8-megapixel back-facing camera is capable of recording HD video at 1080p resolution. For quick editing of your footage, the phone will also include the Video Trimmer tool which allows for clip cropping straight from the handset.

The Sensation will also launch with a new version of HTC Sense, the company’s custom interface for Android.

HTC recently launched another high-end Android smartphone on Verizon’s 4G LTE network to much acclaim: the Thunderbolt. The phone has been reportedly selling well since its debut, and is said to be outselling the iPhone 4 in a number of Verizon stores.

HTC wouldn’t provide pricing details on the new video service, or the Sensation, when we asked. The company says it will make that info available closer to the phone’s release date.

The Sensation is HTC’s second announced device to feature a dual-core processor, the 1.2-GHz Qualcomm Snapdragon. The company’s upcoming Evo 3D also sports a 1.2-GHz Snapdragon, though it has yet to launch.

Rival device manufacturers have also debuted dual-core smartphones this year. The Motorola Atrix and LG Optimus 2X were announced in January — carried on AT&T and T-Mobile, respectively.

For a hands-on first look, check out Wired UK’s initial impressions of the Sensation.

HTC's Sensation 4G will debut on T-Mobile's network this summer.
