Skype on iOS has a big hole that can send your AddressBook to a hacker [video]

Security firm SuperEVR has posted a video of their exploit, which always makes it more real/scary.

I found that Skype also improperly defines the URI scheme used by the built-in webkit browser for Skype. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user’s file system, and an attacker can access any file that the application itself would be able to access.

File system access is partially mitigated by the iOS Application sandbox that Apple has implemented, preventing an attacker from accessing certain sensitive files. However, every iOS application has access to the user’s AddressBook, and Skype is no exception.

I imagine the iPad app is also susceptible.

TechCrunch notes:

Skype says it is aware of the security issue, and has issued the following statement:

“We are working hard to fix this reported issue in our next planned release which we hope to roll out imminently. In the meantime we always recommend people exercise caution in only accepting friend requests from people they know and practice common sense internet security as always.”

The non-patronizing first sentence would have been sufficient, Skype.

Skype is on a #Winning streak since it got bought by Microsoft earlier this year.

Apple killing developer access to UDID in iOS 5

As noted by TechCrunch, Apple has alerted developers in recent documentation that it is in the process of deprecating access to the uniqueidentifier alphanumeric string that is unique to each iOS device.

Apple recommends developers create a UDID specific to apps.

Obviously, UDIDs were a security threat as marketers and advertisers (and worse) could follow your usage patterns and gather data through different apps.

Apple likely will continue to use the UDID for its iAds, GameCenter, subscriptions and other services it offers across iOS devices, or so one industry CEO thinks:

“I guarantee Apple will not stop using UDID,” predicts one mobile industry CEO. If Apple does continue to use UDID for itself but denies it to developers that would be an “extremely lopsided change.” It would give Game Center and iAds yet one more advantage over competing third-party services.


Kindle goes cloud with Kindle Cloud Reader, works great on the iPad

Screenshot of web app courtesy of @drbuk

As reported by TechCrunch, Amazon has released a new Kindle Cloud Reader service. The service allows users of both Macs and PCs running either Safari or Google Chrome to read their Kindle books online. Better yet, the service works on iPad’s Mobile Safari. A feature that owners of WiFi-only iPads will enjoy is page caching for offline reading.

Notably, this is a great solution for Amazon to work around Apple’s in-app-purchase requirements for applications that offer purchases. In fact, what better way to spur Web innovation than to force people out of the store? Good job Apple!

Full Press release follows:


Native iPad app discovered in Facebook for iPhone

TechCrunch has discovered that the Facebook for iPhone app contains hidden iPad code and has published a series of screenshots to prove it. Author MG Siegler acknowledges 9to5Mac’s similar discoveries stemming from code hooks in Apple’s software (thanks, guys!), noting that the iPad app is already there in the current version of Facebook for iOS app, ready to be put to use whenever Facebook sees fit:

Hidden in the code of Facebook’s iPhone app is the code for something else. Something everyone has been waiting over a year for. The iPad app. Yes, it’s real, and it’s spectacular (well, very good, at the very least). And yes, it really is right there within the code. Even better, it’s executable. (Update: a lot of pictures here.)

Much of the code is written with HTML5, Siegler observes, but nonetheless the experience of running the app on a 9.7-inch iPad feels as native as it can get. Using the left-hand menu and pop-overs you can access Facebook’s many options at any time while being focused on the news from your friends. Turning the tablet upside down invokes Facebook’s chat and the photo viewer feels like Apple’s native Photos app. You can enable the iPad view on your jailbroken tablet by following a step-by-step guide by iClarified. Those that don’t want to jailbreak can still enable the iPad view using this simple tutorial. A couple more screenies and a clip demonstrating how to get the iPad app right below the fold.


Facebook’s upcoming Spartan project detailed

Facebook is having an event tomorrow which many believe is a Skype tie-in, which could lead to a Skype iPad app or a Facebook iPad app, or both! In one?! That’s well and good, but TechCrunch takes a look at some of the upcoming features of a bigger project that might also receive a mention tomorrow: Project Spartan.

It seems a bit sensationalized, but it comes off like this: Sometime in late July (soon!), Facebook will reveal an HTML5 platform with automatic Facebook logins using a new set of APIs which make a great iOS/Android social gaming platform. Facebook has a few developers signed up already; Zynga is probably one of them.

Notes one developer:

Facebook wants a cut of Apple’s mobile app market, that’s been clear this entire time. Perhaps it’s not war against Apple — maybe Apple is just going to ‘gift’ Facebook the share of their market (the HTML5 share) in exchange for an alliance being formed whereby Apple gets some exclusive access to Facebook’s 600 million-plus users and thereby cutting out Google (exclusive to some degree, Facebook is too open for it to be fully exclusive). In this theory, it’s not Facebook Spartans vs. Apple, it’s Facebook/Apple Spartans Vs Google.

The Spartans have been told to code specifically for the iOS flavors of Safari — both iPhone and iPad.

So, it sounds like Facebook is going to build a nice HTML5 platform (like Chrome) for social gaming. Hopefully one of the games is 300.

Facebook planning 'Project Spartan' attack on Apple's App Store?

TechCrunch continues their profiling of Facebook’s (once) secret projects with news that Zuckerberg and company plan a web-based alternative web store to Apple’s App Store for iOS devices.

Dubbed Project Spartan, the project is a framework for apps that would use social hooks and work inside of Facebook’s ecosystem.

As we understand it, Project Spartan is the codename for a new platform Facebook is on the verge of launching. It’s entirely HTML5-based and the aim is to reach some 100 million users in a key place: mobile. More specifically, the initial target is both surprising and awesome: mobile Safari.

Yes, Facebook is about to launch a mobile platform aimed squarely at working on the iPhone (and iPad). But it won’t be distributed through the App Store as a native application, it will be entirely HTML5-based and work in Safari. Why? Because it’s the one area of the device that Facebook will be able to control (or mostly control).

Project Spartan will also be available on Android but according to TechCrunch, Facebook has Apple in its sights first.

As of right now, there are believed to be 80 or so outside developers working with Facebook on Project Spartan. These teams are working on apps for the platform that range from games to news-reading apps. Some of the names should be familiar: Zynga and Huffington Post (owned by our parent AOL), for example. The goal is to have these apps ready to roll in the next few weeks for a formal unveiling shortly thereafter.

‘Project Trojan’ sounds like a better name.
