tag:theconversation.com,2011:/global/topics/ios8-10767/articlesiOS8 – The Conversation2014-09-24T09:42:23Ztag:theconversation.com,2011:article/320512014-09-24T09:42:23Z2014-09-24T09:42:23ZAfter all these hacks, tech firms could do more – but better security starts with you<figure><img src="https://images.theconversation.com/files/59822/original/q8n92bxj-1411502680.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">A belt and braces approach is wise.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/modernrelics/6889241086/">Modern Relics</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>After various celebrities’ accounts on Apple’s iCloud servers were <a href="https://theconversation.com/novice-mistake-may-have-been-the-cause-of-the-icloud-naked-celebrities-hack-31272">hacked</a>, the company has made a point of addressing these issues. It has made <a href="https://www.apple.com/privacy/">new claims for the security of iOS 8</a>, the firm’s latest phone operating system, and for its cloud services. Similarly, Google announced the next version of its Android phone operating system will <a href="http://www.bbc.co.uk/news/technology-29276955">encrypt all data by default</a>. But what sort of security do these measures provide?</p>
<h2>Security in the hand</h2>
<p>All phones and tablets provide a device lock that requires a passcode or swipe gesture to unlock. But many owners – up to 50% – either don’t use the feature, or use a <a href="http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes">trivial passcode such as 1234</a>. Fingerprint readers, as <a href="https://theconversation.com/iphone-5s-fingerprint-scanning-thumbs-up-or-down-18112">introduced in the iPhone 5</a>, are perhaps the way forward and through ease of use are likely to increase the number of users locking their phones.</p>
<p>While a device lock provides some protection, it’s still possible that a hacker, or the authorities, could extract data given physical access to the device. Encryption, as offered by both Apple’s iOS and Google’s Android platforms, would defeat this (or make it extremely difficult) by requiring a passcode to decrypt the contents and make them readable. </p>
<p>Android has offered this since 2011, while for Apple it was introduced with iOS 7 in September 2013 for mail and data in third-party apps. With iOS 8, this is extended to the phone’s messages, mail, calendar, contacts and photos. Additionally Apple claims that it no longer stores a copy of the encryption key used, making it unable to respond to a warrant demanding access to the data, whether backed up in the cloud or on the device.</p>
<p>In the UK, police will <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/uk-police-to-start-seizing-drivers-mobile-phones-after-all-crashes-9632873.html">seize mobile phones after a car crash</a> in order to see if drivers were texting and driving. This follows a pilot scheme in which police stations equipped with specialist readers are able to swiftly <a href="http://www.bbc.co.uk/news/technology-18102793">extract the entire contents of a phone</a>. Whether this will be defeated by the encryption introduced by iOS and Android remains to be seen. Certainly the UK Regulation of Investigatory Powers Act 2000 (RIPA) empowers the authorities to <a href="https://theconversation.com/cloud-data-makes-life-easier-for-government-spooks-and-the-law-gives-them-a-free-pass-31696">compel a user to supply decryption keys</a> or passcodes.</p>
<p>Apple’s <a href="http://www.cnet.com/how-to/apple-pay-how-it-works-security/">new payment system</a> built around its near field communication (NFC) chip and protocol does not store or transmit credit card details. This makes it fairly secure, and should massively reduce the number of skimming techniques that are possible with other card payments, as neither the card number nor the pin code will be accessible during the payment process, stored as they are in a secure hardware chip in the phone.</p>
<h2>Security in the cloud</h2>
<p>Most smartphones now back-up data to the cloud and it was through this that hackers gained access to the images that were then leaked. There’s no evidence that Apple’s servers were hacked and compromised – unfortunately this privacy breach was made possible by poorly chosen passwords and <a href="http://www.eweek.com/mobile/what-apple-needs-to-do-to-secure-its-users.html">a weak security questions system</a> that allowed repeat guesses without raising the alarm.</p>
<p>There are files containing millions of popular passwords available on the internet and it’s likely hackers simply ran programs that tried various combinations until they succeeded – a “brute force” attack – together with answers to security questions guessed based on publicly known information. Apple has now firmed up its security procedure by introducing a maximum number of incorrect answers to security questions and notifying users when their online accounts are accessed.</p>
<h2>Security starts with you</h2>
<p>So make sure the weak link in the security isn’t you. Choose a <a href="http://xkcd.com/936">strong password</a> – it isn’t hard. Don’t use an obvious passcode, and use a fingerprint scanner if fitted. Use Apple <a href="https://www.apple.com/uk/icloud/find-my-iphone.html">Find My Phone</a> or Android’s <a href="http://android-device-manager.en.softonic.com/web-apps">Device Manager</a> so a lost or stolen phone can be locked, traced or even remotely wiped. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=487&fit=crop&dpr=1 600w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=487&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=487&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=612&fit=crop&dpr=1 754w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=612&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/59815/original/hp9qnst5-1411496487.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=612&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">xkcd</span>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>For iPhones, upgrade to iOS 8 or at the very least upgrade to iOS 5 or higher. For Android, look into encrypting the device’s contents and when installing a new app be aware of what it is asking access to – don’t blindly click on messages that say “Let this app have access to…” as malicious apps could wrestle data from your phone and send it out over the internet. Some companies have a terrible reputation when it comes to privacy (for example Facebook), so be cautious of default settings.</p>
<h2>Use the best tools available</h2>
<p>Currently the best way to secure online accounts is (together with a strong password) to turn on <a href="http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now">two-factor authentication</a> – as offered by <a href="http://support.apple.com/kb/ht5570">Apple</a>, <a href="https://www.google.com/landing/2step/index.html">Google</a>, <a href="https://www.facebook.com/note.php?note_id=10150172618258920">Facebook</a> and <a href="https://blog.twitter.com/2013/getting-started-with-login-verification">Twitter</a>.</p>
<p>You register a phone number, which the service will call or text with a pin number. This will be required in addition to your password to gain access. This is set up per device, for example once for your phone and once for your laptop. Trusted devices will work as they did, but someone else (or you) attempting to access your account from another device will need not only your password, but access to your phone to get the pin number the service sends.</p>
<p>Google goes further, allowing you to generate new, random passwords for each of its online services you use or each device, so that if someone compromises one password it won’t open any others.</p>
<p>While it’s a bit more of a hassle, try to have different passwords for different accounts as <a href="http://xkcd.com/792/">re-using passwords is as bad as having weak passwords</a>. Use the tools available – web browers save passwords and there are software tools such as password managers that can simplify the task – but make sure you know how they work.</p>
<p>And even at the end of their lives, computers, phones and other devices <a href="http://www.computerworld.com/article/2538325/computer-hardware/how-to-wipe-personal-data-from-cell-phones-and-pcs.html">need to be securely wiped</a> to <a href="http://ico.org.uk/for_the_public/topic_specific_guides/online/deleting_your_data">remove all traces of personal data</a> (including the passwords and financial details we’ve been so keen to protect) before being given away or sold. Not doing so is little different than handing your keys to a burglar.</p>
<p>Blaming the companies for security failures is too easy – consumers have to get wiser about locking their data away.</p><img src="https://counter.theconversation.com/content/32051/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Barry Avery does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>After various celebrities’ accounts on Apple’s iCloud servers were hacked, the company has made a point of addressing these issues. It has made new claims for the security of iOS 8, the firm’s latest phone…Barry Avery, Associate Professor, Informatics and Operations , Kingston UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/312832014-09-10T02:31:13Z2014-09-10T02:31:13ZWearer be warned: your fitness data may be sold or used against you<figure><img src="https://images.theconversation.com/files/58628/original/96ptnc6z-1410312823.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">When digital device users connect to cloud storage or developers’ data archives, they lose control of their data.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-175183394/stock-photo-fit-sports-woman-jogging-at-park.html?src=tGbLOaEj-cDcvbuxYrmedA-1-75">LZF/Shutterstock</a></span></figcaption></figure><p>People interested in tracking their health, physical activity levels and body functions can now choose from <a href="http://quantifiedself.com/guide/tools?sort=reviews&pg=1">a plethora</a> of sensor-embedded digital gadgets to monitor and measure their bodies. But the big question for many users is how their personal health and medical data are used. </p>
<p>The Apple Watch, <a href="http://www.apple.com/watch/">announced in detail</a> yesterday, is just the latest among an array of wearable technologies using built-in sensors. Apple’s iOS 8 Health app provides a “dashboard” of health and fitness data for self-trackers. Apple has also <a href="https://www.apple.com/ios/ios8/health/">developed a tool</a> for developers, the HealthKit. </p>
<p>When self-tracking was an activity limited to jotting notes down in a paper journal or diary, this information could easily be kept private. No-one else could know the finer details of one’s sleeping or bowel habits, sex life, diet, heart rate, body weight or efforts to give up smoking. </p>
<p>However when people use digital devices that connect to computing cloud storage facilities or developers’ data archives, the user no longer owns or control their own data. This personal and <a href="http://simplysociology.wordpress.com/2014/05/04/quantifying-the-sexual-and-reproductive-self/">often very private information</a> becomes part of vast digital data collections that are increasingly used by actors and agents in many different social domains. </p>
<p>Personal health and medical data is now <a href="http://simplysociology.wordpress.com/2014/08/07/the-five-modes-of-self-tracking/">used for much more than</a> just gathering information on oneself for one’s own private reasons. This information is a commodity that can be used for commercial, managerial and governmental purposes and on-sold to third parties. </p>
<p>The US Federal Trade Commission, for example, recently found that <a href="http://adage.com/article/privacy-and-regulation/ftc-signals-focus-health-fitness-data-privacy/293080/">12 health and fitness apps</a> shared user data with a total of 76 third parties. These data in some cases included geolocation, gender, names and email addresses, exercise and diet habits and medical symptom searches. </p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=899&fit=crop&dpr=1 600w, https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=899&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=899&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1130&fit=crop&dpr=1 754w, https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1130&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/58626/original/9ph4vyrh-1410312078.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1130&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Personal health information is commercially valuable.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/thecampbells/10742828434">Shawn Campbell/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>Self-tracking devices are now often used as surveillance technologies by organisations that are interested in monitoring people’s health and medical information. </p>
<p><a href="http://www.forbes.com/sites/parmyolson/2014/06/19/wearable-tech-health-insurance/">Health and life insurance companies</a> in the United States are beginning to use financial incentives to encourage their customers to use digital self-tracking devices. The data that are generated are used by the companies to calculate risk and customise their premiums for each individual customer. </p>
<p>Some wearable tech developers have <a href="http://www.ihealthbeat.org/insight/2014/digital-health-tools-are-a-growing-part-of-workplace-wellness-programs">arrangements in place with workplaces</a> to support wellness programs using self-tracking technologies. </p>
<p>Even <a href="http://news.walgreens.com/article_display.cfm?article_id=5883">the customer loyalty programs of some retailers</a> are now incorporating members’ digitally-tracked personal health data into their rewards systems.</p>
<p><a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2409074">New forms of discrimination</a> are potentially created by the use of personal health data by other parties. The Federal Trade Commission’s report noted that combining personal data sets can lead to users being re-identified even when the data were originally anonymous. </p>
<p>This could have serious repercussions. People may be denied credit, housing, employment or insurance, for example, if their medical data were readily accessible. </p>
<p>Not only are personal data now used by second and third parties, the security of these data are in question. We know from the <a href="https://theconversation.com/who-is-to-blame-when-icloud-is-hacked-you-or-apple-31215">recent hacking into Apple’s iCloud</a> allowing access to celebrities’ private nude photos that such digital storage facilities are not as secure as many users assume. </p>
<p>A <a href="https://www.privacyrights.org/mobile-medical-apps-privacy-consumer-report.pdf">report</a> published by the US Privacy Rights Clearinghouse found that mobile health and fitness app developers often have no privacy policy and send the data uploaded by app users to undisclosed third parties. Few of these developers encrypted all data connections and transmissions between the app and developer’s website.</p>
<p>In response to concerns about self-trackers’ control of their personal data there have been calls for better access. One of the founders of the Quantified Self movement, Gary Wolf, recently released <a href="http://quantifiedself.com/2014/09/access-matters/">a statement</a> on its website announcing a campaign on this issue. He wrote that: </p>
<blockquote>
<p>Now is the time to work hard to insure that the data we collect about ourselves using any kind of commercial, noncommercial, medical, or social service ought to be accessible to ourselves, as well as to our families, caregivers, and collaborators, in common formats using convenient protocols.</p>
</blockquote>
<p>While this is a worthy initiative, the question remains as to how users can challenge the vast power of the internet empires like Apple, Google and Facebook. </p>
<p>People need to think twice before downloading apps or using wearable devices if they are concerned about what happens to their personal health and medical information. </p>
<p>Read privacy policies and terms of use statements carefully for what they reveal about the developers’ use of personal data. If, as so often is the case, the developer does not include these details, then it may simply be a case of “user beware”.</p><img src="https://counter.theconversation.com/content/31283/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Deborah Lupton does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>People interested in tracking their health, physical activity levels and body functions can now choose from a plethora of sensor-embedded digital gadgets to monitor and measure their bodies. But the big…Deborah Lupton, Centenary Research Professor, University of CanberraLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/274462014-06-03T05:35:15Z2014-06-03T05:35:15ZWhat Apple did (and didn’t) say at WWDC 2014<figure><img src="https://images.theconversation.com/files/50078/original/kyz4q359-1401770651.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Apple has become good at integrating its platforms but missing from its annual conference were substantial hardware innovations. </span> <span class="attribution"><span class="source">AAP/EPA/John G Mabanglo</span></span></figcaption></figure><p>Apple’s <a href="https://developer.apple.com/wwdc/">Worldwide Developers Conference</a> is one of the two main events of the year where Apple gives pause to the rumour mill about its future plans and tells all. Well, almost all. Although Apple has launched new hardware at these events in the past, in recent years WWDC has been reserved for announcements about the key features that will be appearing in its software platforms for its mobile phones, tablets and computers.</p>
<p>The importance of the WWDC’s keynote event is how it serves to confirm the technologies Apple believes are important and potentially how the company will continue to generate revenue growth. But Apple has continued to disappoint both its investors and the wider public with its seeming unwillingness to be a leader in technologies, a ground being increasingly occupied by companies like Google and Samsung. </p>
<p>This year proved to be no different. Apple CEO Tim Cook outlined an upgrade to Mac OS X, as well as the features of its operating system iOS8 - as well as the introduction of Swift, a new programming language for apps. What these all show is that Apple has become very good at incrementally improving their products and bringing their mobile and PC platforms ever closer together.</p>
<p>But missing were <a href="http://www.gizmodo.com.au/2014/06/apple-wwdc-2013-live-blog-follow-all-the-news-as-it-happenes/">any new hardware announcements</a>. In fact, on this level, the keynote was more significant for what it didn’t announce than what it did, as I’ll explain a little later.</p>
<h2>Apple Mac OS X 10.10 Yosemite</h2>
<p>Apple’s Mac OS X gets an upgrade, with the next version to be called Yosemite. The user interface has changed to become more like iOS 7 with icons losing their 3D texture and becoming flat. Thankfully the redesign seems to have stopped short of the candy coloured theme of iOS. </p>
<p>The functional changes are welcome even if they are providing functionality already available in other products like Gmail and DropBox. Apple has introduced its own version of DropBox, for example, called iCloud Drive. The prices of storage on iCloud Drive may cause some concern for DropBox, but Apple has tried cloud storage before and struggled to match the feature development of others in this space. A new feature called Continuity allows tasks like writing mail to be started on a Mac and continued on an iPad and vice versa. AirDrop, a feature to share files will now work between Macs and iPhones/iPads.</p>
<h2>iOS 8</h2>
<p>The big announcement with iOS 8 is the introduction of support for home automation integration called HomeKit and a health data integration environment called HealthKit. These platforms are similar in concept to PassBook, Apple’s platform for handling tickets and vouchers. They rely on other companies to support the platform and use an Apple provided application to summarise the information and present it to the user. It is worth noting that the HealthKit is really aimed at the personal fitness market rather than personal health, despite the mention of a collaboration with the Mayo Clinic to incorporate blood pressure measurements. Apple will be hoping that these new platforms will achieve a greater level of engagement than PassBook did.</p>
<p>Apple has added a number of other tweaks to iOS. More can be done in the notification centre without opening the app. Photos are automatically backed up to iCloud and there are more search and editing functions. New for Apple is more sophisticated predictive text and the ability to integrate custom keyboard software, a feature that has been available in Android phones for some time.</p>
<h2>Swift, a new development language</h2>
<p>Probably the most surprising announcement was the introduction to Swift, a new programming language that aims to make development of apps on the Apple platform easier. Apple now joins Google and Microsoft in inventing its own development language. Although it will undoubtedly attract some developers, it now presents a challenge for existing developers to re-learn the language and of course the language is specific to the Apple platform.</p>
<h2>So what wasn’t announced?</h2>
<p><strong>No iWatch or wearables development kit.</strong> There was no suggestion that Apple was preparing to enter the wearables market with a watch for example. Unlike Google who announced a software platform <a href="http://developer.android.com/wear/index.html?utm_source=ausdroid.net">Android Wear</a> for third party manufacturers, Apple didn’t announce anything similar.</p>
<p><strong>No payment platform.</strong> Apple has steadfastly avoided supporting NFC technology in its phones that would allow banks and other companies to use this technology for mobile payments. This has been long <a href="http://www.wired.co.uk/news/archive/2014-06/02/apple-wwdc-preview">held</a> to be because it was developing its own payment platform but if it is, then this isn’t the year for it.</p>
<p><strong>No cross-platform.</strong> One issue with the changes that Apple has introduced is that they will be irrelevant to many people who do not use Apple for their personal computing as well as for mobile. Of course, Apple wants to make using its technology throughout as attractive as possible by offering a tighter integration. There is a fine line however between providing incentives and added functionality to a platform and creating a situation where the individual parts become less than the whole. </p>
<p>With the continued <a href="http://www.idc.com/getdoc.jsp?containerId=prUS24676414">dominance</a> of Android globally, picking platforms and technologies that are specific to Apple will become harder and reminiscent of the decision facing developers when choosing to write software for Windows or the Mac. </p><img src="https://counter.theconversation.com/content/27446/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Apple’s Worldwide Developers Conference is one of the two main events of the year where Apple gives pause to the rumour mill about its future plans and tells all. Well, almost all. Although Apple has launched…David Glance, Director of Innovation, Faculty of Arts, Director of Centre for Software Practice, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.