Apple responds to complaint over diagnostic 'back doors' in iOS

Apple responds to complaint over diagnostic 'back doors' in iOS
Apple has detailed some of the diagnostic capabilities in iOS following claims from a forensic scientist that such capabilities open up security holes into the operating system.At a security conference last Friday, forensic scientist and author Jonathan Zdziarski said the NSA may have exploited certain features and services in iOS to gather data on potential targets by using back doors built into the operating system. In response, Apple acknowledged in a statement on Monday that specific services allow access to certain data for the purpose of diagnostics but asserted that it has never worked with any government agency to intentionally build back doors into iOS.Related storiesApple: We don't build back doors into our productsApple, IBM cozy up on iOS business appsChina calls Apple's iPhone a national security threatApple patent looks to smarten up the iPhone's security lockSince details of NSA spying programs have emerged via former NSA contractor Edward Snowden, Apple and other tech players have been accused of building back doors into their devices and services. Such security holes would give the government as well as third parties easy access into a company's products for the purpose of capturing user data. The existence of such intentional back doors would damage a company's reputation and sales, so the tech industry has been on the defensive to deny these allegations.In a blog posted on Tuesday, Zdziarski said Apple's seeming admission to these so-called diagnostic back doors opens up privacy weaknesses because they bypass the backup password security offered in iOS. Zdziarski also raised doubts about these back doors by saying, "I don't buy for a minute that these services are intended solely for diagnostics."How has Apple responded? In a technical support document that was modified on Wednesday, Apple attempted to explain how and why the diagnostic capabilities in question are used in iOS. iOS offers the following diagnostic capabilities to help enterprise IT departments, developers, and AppleCare troubleshoot issues.Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.1. com.apple.mobile.pcapdpcapd supports diagnostic packet capture from an iOS device to a trusted computer. This is useful for troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections. You can find more information at developer.apple.com/library/ios/qa/qa1176.2. com.apple.mobile.file_relayfile_relay supports limited copying of diagnostic data from a device. This service is separate from user-generated backups, does not have access to all data on the device, and respects iOS Data Protection. Apple engineering uses file_relay on internal devices to qualify customer configurations. AppleCare, with user consent, can also use this tool to gather relevant diagnostic data from users' devices.3. com.apple.mobile.house_arresthouse_arrest is used by iTunes to transfer documents to and from an iOS device for apps that support this functionality. This is also used by Xcode to assist in the transfer of test data to a device while an app is in development.Apple also pointed to a support document on the familiar "Trust this computer" alert that iOS users receive when they plug their device into a PC. Another support page explains what happens when you sync your data with iTunes.In another blog posted Wednesday, Zdziarski said he gave Apple credit for revealing details about these services and trying to explain why they exist. However, he also said he believes Apple is downplaying the risks of certain services."I wonder if the higher ups at Apple really are aware of how muchnon-diagnostic personal information it copies out, wirelessly, bypassingbackup encryption," Zdziarski said. "All the while that Apple is downplaying it, Isuspect they'll also quietly fix many of the issues I've raised infuture versions. At least I hope so. It would be wildly irresponsiblefor Apple not to address these issues, especially now that the publicknows about them."


Marvel Comics, iPad team-up reviewed

Marvel Comics, iPad team-up reviewed
If you're not familiar with the Marvel app for the iPhone, which is also built on the ComiXology platform, the page zoom resolves into high-resolution close-ups of individual panels. Reading the comic with only one panel visible at a time won't work for all comics out there since many page layouts are more complicated than an array of rectangles, but for pages that use standard formatting the letterboxing view allows the reader a surprising amount of control of tension in the story. How fast you read the comic, and how fast you discover what happens next, is entirely up to you.The panel-by-panel zoom and progression isn't new, but it never looked this good on the iPhone.One drawback from a reading perspective is that the app splits double-page spreads into single pages, where one image covers two sequential pages. That's not a deal-breaker, but it seems an odd defect given that comics from around the world often have double-page spreads. A more important problem has nothing to do with readability, and will likely go unnoticed by many readers. The comics are nonportable. You can not transfer them to your desktop, or even to your iPhone. When you buy them, unlike when you purchase MP3s, you are purchasing them for the iPad only. This may change in the future, but for now this means that your comics are only as good as your iPad is. This is an incredibly restrictive DRM, and unlike movies, music, and books, binds your comics to this particular device in a way never seen before. To me, at least, this is a deal-breaker. Why pay for something that you don't truly own?A minuscule strip at the bottom of the comic lets you navigate pages out of order.Seth Rosenblatt/CNETDespite these hang-ups, there's no doubt that the comics store is just as well-oiled as the comics reader. The Marvel Comics store takes heavy cues from the iTunes store, complete with Cover Flow. This looks fantastic on the iPad, especially with Marvel's brightly colored superhero comics covers a natural fit for the Cover Flow style. Tabs at the top help you narrow down your choices, and tapping a comic will pull up more detailed information on the book. You can download or read it if you've already downloaded it, check out the preview, or see the full series of issues for that title. There's also a "Buy in print" link that takes you to a comic book shop locator, but that's the current extent of outreach to comic book shops.Marvel says that readers will be able to preview three pages from each comic for free. According to a press release from Marvel, the comics currently need to be recolored and "redigitized" before being added to Marvel's catalog, so don't expect new comics on their regular Wednesday street date for the time being. Marvel has said that it expects to have about 500 comics available Saturday, when the iPad reaches the general public. The available comics run the gamut from modern incarnations of Iron Man and multihero stories like Civil War to the first appearance of Spider-Man from 1963.There's no doubt that the Marvel app is a great piece of eye candy. If you don't mind the restrictions it could be the catalyst that gets you reading comics again, or reading them on a computer for the first time. However, not being able to remove your comics from the iPad and read them elsewhere can be a bitter pill to swallow for those who don't like Apple's new paradigm.The Marvel Comics app for the iPad is free. The comics themselves are currently available only as individual issues, and most are $1.99. A small handful are available in full for free.


Apple's iTunes store gets modest facelift

Apple's iTunes store gets modest facelift
At Apple's press event, CEO Steve Jobs showed off what is essentially a modest face lift for iTunes 9. Among its new features are improvements to its Genius software, Facebook integration, music-sharing capabilities and the company's take on the digital album cover.Perhaps the most significant iTunes 9 feature is Apple's latest baby step into music sharing. What Apple calls "Home Sharing" enables iTunes users to drag a song or group of songs across libraries of up to five authorised computers in a household. All the features are available immediately."Home Sharing" is new to iTunes 9(Screenshot by Ty Pendlebury/CNET.com.au)Apple's announcements lacked the jaw-dropping device or service that in the past has spurred big spikes in music sales. The company now appears to be focusing on making incremental gains by helping music buyers find and purchase music, videos and iPhone applications. Dare we say it, but most of Apple's music-related announcements centred on humdrum retail chores.These are not unimportant tasks, at least when one considers that to this point in the evolution of digital music, it is still often difficult for users to wade through the ocean of songs available at online stores to find music they like.Helping customers find what they want "is one of the oldest and most persistent problems in retail", said Mike McGuire, an analyst with research firm Gartner. "The barriers to entry are pretty low and people's allegiances can switch quickly. Digital music is maturing so now it's less about getting people to the site and more about getting old customers to continue using the product."One reason why Apple's event lacked the drama of past releases was that much of the news leaked weeks ago. CNET News reported last Wednesday that Apple would release ready-made ringtones. On Wednesday, Jobs told the audience that the ringtones would sell for US$1.29 and they would be displayed and sold at iTunes in the same way as regular songs.Apple also unveiled the next-generation album cover, which the company originally code-named Cocktail but is now called iTunes LP. Jobs told the audience that CDs helped kill such things as album art, liner notes and other extras that once accompanied albums. He acknowledged that digital music also played a part in doing away with traditional album covers.Jobs said that artists can now have a greater hand in the packaging of the albums they sell on iTunes using video, art and other digital content.As we reported yesterday, the Beatles catalogue is yet to be offered at iTunes. As in years past, a flurry of rumours accompanied the run-up to Apple's event that the Fab Four's music would be offered by iTunes. As reported by CNET and others, no agreement between Apple and Apple Corps, the company that represents the Beatles, has been reached.