Latest iOS App Security Best Practices

February 6, 2019

Apple's iOS is one of the most secure platforms, and applications built on it are not as vulnerable as those built on competing mobile platforms. Even so, businesses cannot leave their code, logic, data, and communications open to possible malware activity.

Related News

Evinced Launches Accessibility Tools for iOS and Android Igniting a New Era of Inclusion

Evinced | September 15, 2021

Evinced, a market leading accessibility software company specializing in providing automation to enterprise developers, today announced the launch of the industry's first complete portfolio of products to enable enterprise developers to weave accessibility into their iOS and Android mobile app development process. In recent years, web and mobile app accessibility has become increasingly important to enterprises. Mobile tech giants like Apple and Google have made significant investments in making their core platforms accessible to over a billion people globally living with a disability. However, there has never been a consistent set of accessibility testing tools available across both iOS and Android ecosystems, hindering the ability for enterprises to ensure that the apps they build take advantage of the underlying platform accessibility capabilities.

"As technology becomes more integrated with our lives than ever before, we risk certain communities feeling overlooked and falling behind. It is imperative that enterprises with mobile apps and the mobile industry at large help pioneer a new era of inclusion with accessibility top of mind. In doing so, we'll build a more connected world, inclusive future, and not to forget, the benefits for enterprises are tremendous."
co-founder and CEO Navin Thadani

In a Gartner® report, it is stated that, "By 2023, digital products in full Web Content Accessibility Guidelines (WCAG) Level 2 compliance will outperform their market competitors by 50%." Further, it is added, "By 2025, all G20 countries — which account for 90% of the global world product 2 — will establish enforceable legal standards for digital accessibility, leading to a "GDPR moment" in which businesses scramble to achieve compliance." [1]

Offering the broadest range of coverage for mobile apps on the market today, Evinced mobile accessibility solutions are built for enterprise scale and can be used by any enterprise developer looking to test a mobile app for critical accessibility issues. Even more distinctive, its products do not require a software development kit (SDK) installation on the target mobile app, can easily be added into an existing continuous integration process, and apps under test can be run on real devices or emulators in a local environment or a device cloud. These features make Evinced the first solution that's easy to use.

The product portfolio contains:

Flow Analyzer for Mobile: Enables a developer or test engineer user to easily connect their mobile phone (or simulator) to the Evinced desktop client and scan any app for accessibility issues, and generate actionable reports. Software is compatible with native iOS (SwiftUI, UIKit, and React Native) and Android (Android View and ViewGroup, Jetpack Compose and React Native) frameworks. This is offered as a free product for the community.

Automation for Mobile: Allows developers to integrate accessibility into existing mobile UI automation tests. Full support for automation for iOS (XCUITest and Appium) and Android (Espresso and Appium). This solution is available for enterprise customers.

"Mobile experiences continue to be a major focus for Capital One, and the pandemic has illuminated the need for accessible mobile experiences. We applaud Evinced for continuing to innovate new ways to integrate and automate accessibility into every aspect of the software development lifecycle."
Mark Penicook, Director of Digital Accessibility, Capital One

About Evinced

Founded in 2018, Evinced is a web accessibility software company focused on providing accessibility automation to enterprise developers by going beyond legacy static/syntax analysis. Built with advanced rule-sets, computer vision and AI algorithms, Evinced automatically detects and pinpoints accessibility problems and suggests fixes. Leading enterprises use Evinced to weave accessibility into their software development process - including design, development, automated testing and production/compliance monitoring.

Apple Fixes Passcode, Remote Code Execution Flaws in iOS and macOS

eWeek | December 06, 2018

In what is likely to be the final Apple security update for 2018, macOS 10.14.2 and iOS 12.1.1 are now available, fixing multiple flaws across the desktop and mobile operating systems. Apple released a series of updates on Dec. 5 to its desktop and mobile operating systems, patching serious vulnerabilities that could have exposed users to risk. Among the updates released by Apple are iOS 12.1.1, macOS Mojave 10.14.2 and Safari 12.0.2. The bugs fixed across the updates include privilege escalation, arbitrary code execution, memory corruption and denial-of-service flaws. In iOS 12.1.1, one of the most impactful issues patched is a passcode bypass one with the FaceTime conferencing application. "A local attacker may be able to view contacts from the lock screen," Apple wrote in its advisory for the FaceTime vulnerability, which is also identified as CVE-2018-4430. "A lock screen issue allowed access to contacts on a locked device." The CVE-2018-4430 flaw was discovered by security researcher Jose Rodriguez, who had actually posted a video of how the bypass works on Oct. 30. "With the release of iOS 12.1 on October 30, Apple left NOT PROTECTED by passcode, easily accessible, YOUR CONTACT INFORMATION (your personal phone numbers, your email address, your pic) that your friends, family, mates, colleagues ... have about you in their iPhones," Rodriguez wrote in the video description. Also of note in the iOS 12.1.1 update is CVE-2018-4446, a flaw in the File Provider capability that could have enabled unauthorized information disclosure. "A malicious application may be able to learn information about the presence of other applications on the device," Apple warned in its advisory.

iOS 12 Brings Patches for 16 Security Vulnerabilities

SecurityWeek | September 18, 2018

Apple this week officially released iOS 12, which patches various vulnerabilities in the mobile operating system (OS) and brings improved performance and other enhancements. The tech giant also pushed updates for Apple TV 4K and Apple TV (4th generation) and Apple Watch Series 1 and later, with the release of tvOS 12 and watchOS 5. Safari 12 and Apple Support 2.4 for iOS were also released this week. A total of 16 vulnerabilities were addressed with the release of iOS 12, most of which impact only iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. Tracked as CVE-2018-5383, an input validation issue in Bluetooth could allow an attacker in a privileged network position to intercept Bluetooth traffic. It impacts iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation. The remaining flaws affect components such as Accounts, Core Bluetooth, CoreMedia, IOMobileFrameBuffer, iTunes Store, Kernel, Messages, Notes, Safari, SafariViewController, Security, Status Bar, and Wi-Fi. Some of these flaws could allow an app to read a persistent account identifier, execute arbitrary code with system privileges, learn information about the current camera view before being granted camera access, or read restricted memory. Bugs in Messages, Notes, and Safari could allow a local user to discover a user’s deleted messages, notes, or the websites a user has visited. A flaw in iTunes Store could be exploited by an attacker in a privileged network position to spoof password prompts in the iTunes Store.
