Jun 7, 2011

What’s New in iOS 5


The latest version of iOS 5 has finally been announced, and it has a bundle of new features — more than 200, by Apple’s count.
Several of the new features were poached from the best of Apple’s own app store, including reading queue apps like Instapaper, group messaging apps like GroupMe and photo editing apps. There’s also a lot of integration with Apple’s new cloud service iCloud.
The iOS 5 beta software won’t be available to users — at least, those who aren’t in the iOS Developer program — until this fall. At that point, it will be free to download for owners of the iPhone 4, iPhone 3GS, iPad 2, iPad, or the iPod touch (third and fourth generations). We’ve highlighted the most exciting new features below.

Notification Center






With iOS 5, Apple has essentially added a personalized news feed to all of its devices. The feed, which Apple calls the “Notification Center,” can be customized to display things like the current weather, a stock ticker, new emails, texts and friend requests. The feed can be accessed by swiping the top of the screen. You’ll be able to view it while the device is lock mode, much as iOS 4 displays the time and push notifications while locked.

iMessage







iMessage is BBM for Apple products. Like BlackBerry’s once distinguishing feature, it allows you to send unlimited instant messages to other users and to see whether recipients have read them or are typing a response. The new feature allows group messaging as well as photo, video, location and contact sharing. It’s expected to put a dent into the thriving group messaging app startups. The advantage that those apps still have is the ability to instant message phones with multiple operating systems. For now, Apple’s messages can only be sent to others who are using iOS, on iPhones and iPads.

Newsstand







Newsstand is a folder that holds your magazine and newspaper app subscriptions. All purchases go directly to that folder, which displays them on a virtual newsstand, and new issues are automatically downloaded and delivered there. Your newspaper subscriptions will arrive in time for breakfast.

Reminders







Reminders is iOS 5′s to-do list app. The feature includes an option to make items location based. Your phone will, for instance, remind you to pick up the milk when you are at the grocery store. You can sync reminders with iCal, Outlook and iCloud so that a change in one program automatically updates the others.

Deep Twitter Integration






On iOS 5, you can directly tweet from Safari, Photos, Camera, YouTube or maps. Twitter will also work together with contacts in the operating system, making it easy to find a friend’s Twitter handles when you start typing a name. This level of integration is still notably missing for Facebook.

Camera and Photos








Apple iOS makes the iPhone a better camera. You can now open the Camera app directly from the lock screen, which makes it easier to point and click quickly. The app also has more of the features of a regular digital camera: grid lines, single-tap focus and exposure locks. The volume-up button now works as a shutter button.
Apple has also built photo-editing capabilities into its Photos app. This means you can crop, rotate, enhance, and remove red-eye without leaving your camera roll. With iCloud, it’s also possible to automatically load new photos to your desktop, if you prefer to edit them there.

Safari






Apple’s mobile web browser now includes a feature that mimics the capabilities of popular reading queue appInstapaper. Its “Reading List” lets you save articles you want to read later. iCloud pushes these articles to all of your iOS devices, much as Instapaper’s separate desktop and mobile apps allow you to read articles that you save on the go.

Top 10 dangerous Android Security Risks



Last year, Android became the world's second favorite mobile OS, racing past BlackBerry and Apple. 67 million of the nearly 300 million smartphones sold in 2010 were Android-powered devices like the Samsung Galaxy S, Motorola Droid X, and HTC EVO. New Android 3.0 ("Honeycomb") tablets will spur even more growth this year.
As a result, approximately half of enterprises are working to embrace Android devices. One of IT's biggest challenges: Android's consumer roots mean minimal support for enterprise-class security. Here, we consider today's biggest Android security risks and what can be done to mitigate them.
1. AWOL Androids: The top concern about any mobile device is loss. In a Juniper survey, 58 percent of smartphone and tablet users feared not being able to recover lost content. Apple iPhone users can restore nearly everything from iTunes, but Androids are not managed via desktop sync. Data loss can be avoided in two ways. First, install an auto-backup app (e.g., WaveSecureMyBackup) to enable quick restoration of all that matters to you. Second, enroll your Android with one of the many available "find me" services to locate and recover lost devices.
2. Flimsy passwords: If your Android falls into the wrong hands, more is needed to prevent thieves from stealing broadband service, ringing up SMS fees, reading your email, or abusing VPN connections. In Juniper's survey, 3 out of 4 users locked their smartphones. This is an excellent first line of defense, but users need to understand Android's limitations
3. Naked data: A major business risk posed by Android is lack of hardware data encryption. Fortunately, Android 3.0 ("Honeycomb") adds an API to let manufacturers offer encryption and IT enforce use. Unfortunately, existing Androids cannot yet perform hardware encryption. Until self-encrypting Androids appear, stored data can be protected in two ways. First, those remote lock apps and APIs can request remote wipe as well, resetting the device to factory defaults – but only when reachable, without wiping SD card data. For more rigorous protection, enterprises should scramble sensitive data such as email and contacts using self-encrypted apps (e.g., Good for Enterprise,Exchange Touchdown)
4. SMShing: This phishing variant uses texting to trick smartphone users into visiting fraudulent or malicious links. Hackers are now being drawn to Android's popularity and openness. For example, last summer, unlucky SMS recipients were invited to download Trojan-SMS.AndroidOS.FakePlayer, a free Movie Player. Once installed, FakePlayer started texting premium-rate numbers, without user knowledge, ringing up huge bills. To block potentially-costly texts, users can add SMS controls such as SMSLinkGuard. Enterprises may also consider using a Mobile Device Manager (MDM) that can monitor Android wireless expenses (e.g., SMS, roaming).
5. Unsafe surfing: Think web browsing on your Android is safe? Last fall, M.J. Keith showed that a known WebKit browser vulnerability could be exploited on Android 2.0 or 2.1. Thomas Cannon reported an Android 2.2 browser flaw that could give hackers full SD card access. Recently, Google fixed an Android Market cross-site scripting (XSS) vulnerability that enables arbitrary code execution, found by John Oberheide. Unfortunately, Android users cannot quickly patch around bugs, because OS updates are deployed infrequently by carriers. One work-around: Using an app like BadLink Check or TrendMicro to avoid known-malicious websites.
6. Nosy apps: Speaking of the Android Market, telling friend from foe can be hard. According to the App Genome Project, Android Market apps more than doubled in the past 6 months. A whopping 28 percent of those apps now access device location, while 7.5 percent access stored contacts. Do these apps really need to know that info and what are they doing with it? Android apps must request permissions during installation – users need to seriously review those requests, exercise caution, and avoid apps that seem too nosy. To flag intrusive apps already installed on your Android, check out Lookout Mobile Security's Privacy Advisor or Webroot.
7. Repackaged and fraudulent apps: Some apps aren't what they appear to be. Many repackaged apps found on third-party Android markets are legitimate free apps, repackaged to generate ad revenue. But repackaging is also used to implant Android trojans, such as the Android.Pjapps trojan (included in modified versions of the Steamy Windows app) and the Android.Geinimi trojan (turns infected phones into bots). Most of these can be avoided by installing apps only from the Google Android Market. Don't frequent unregulated third-party markets or manually install Android packages from untrusted sources.
But even apps distributed by the Google Android Market receive no official review. Last year, "09Droid" sold about 40 different mobile banking apps at the Android Market. Unfortunately, none were affiliated with those banks. It is unclear whether 09Droid intended to phish for banking passwords, but when banks complained, those fraudulent apps were pulled from the Market. Be very careful when downloading apps that access sensitive accounts. Check with banks or other institutions to confirm apps are distributed by an authorized developer and beware of look-alikes.
8. Android malware: According to traffic analysis by AdaptiveMobile, Android malware spike 400 percent last year. The total is still miniscule compared to other platforms, but more malware is likely to target Android's rapidly-expanding pool of potential victims. When Coverity assessed the Android kernel, it identified 359 code vulnerabilities, 88 of which posed "high risk" of exploitation. Because Android is an open development platform, hackers have ample opportunity to find and learn how to take advantage of these kinds of flaws.
Fortunately, application sandboxing is built into Android to limit potential damage by malicious apps – unless malware breaks out of that sandbox. That is apparently what DroidDream did last month. Hidden inside about 50 Android Market apps, including Sexy Girls, Advanced File Manager, Task Killer Pro, and Advanced Sound Manager, DroidDream "rooted" infected phones, sending IMEI/IMSI and OS version back to a command-and-control server. The "nature of this exploit" so concerned Google that it remotely removed installed apps from an estimated 50K phones. This "kill switch" was a fail-safe measure of last resort, but users can proactively defend themselves using Android anti-malware apps (e.g., Kaspersky, F-Secure).
9. Fake anti-malware: Alas, the fake anti-virus trend sweeping the PC world has now emerged for Android as well. When Google killed DroidDream, it installed a clean-up app called "Android Market Security Tool 2011." Android.Bgserv soon appeared on a third-party Chinese market, pretending to be Google's tool but carrying an SMS trojan. The lesson: Hackers prey on user emotions like fear – don't assume that security apps are legitimate. Check out sellers and read reviews. Enterprises should go further by testing apps in a lab environment, then using an MDM to suggest or auto-install verified safe apps on employee Androids. For example, Sybase Afaria now provides over-the-air app management for Android.
10. Lack of visibility and control: Ultimately, enterprises must embrace Androids – even employee-purchased Androids – so that IT can regain visibility into and control over business activities on these devices. Unlike iOS, Android does not yet offer native MDM to enable third-party device management. However, Android does provide APIs that MDM agent apps can use to read/write settings (e.g., password complexity), query attributes (e.g., installed apps, GPS location), and invoke remote lock or wipe. A bit of this can also be done via Exchange ActiveSync. Either way, IT can enroll Android devices, track their use, and enforce (at least limited) policies. Configurable settings are limited but rapidly expanding – more so for some manufacturers than others. But putting a management framework in place can help you leverage new Android security capabilities as they emerge

Comments system

Disqus Shortname