Now that the IPhone6 has been available (in some markets at least), I would really like to know if someone has any information (or even tried) if the NFC chip inside the IPhone6 can be detected by an external reader? And in case it is possible, how much info can be read?
I know that there is currently no API access to NFC for IOS apps, so I would like to go a different route for now and simply identify an IPhone6 by holding it onto an external NFC reader.
In theory, the answer should be yes: iPhone 6 works in card emulation mode, so it must present itself to a reader as a card.
The readable info is not probably much, but at least you should be able to poll the existence of the payment app - sending SELECT APDUs (APDUs = commands to interact with smart cards such as the one being emulated by the iPhone) to known applications.
By sending an empty SELECT or a SELECT targeting the Issuer Security Domain (a management application which AID is usually A000000151000000 or A000000003000000) the card should answer with a data structure with information about the card or the chip.
Now I just need to get my hands on one and test it...
You can read the UUID, however it is randomized each time, making it useless for identifying the device.
See https://youtu.be/LmjpO4evkw0 and http://flomio.com/2014/10/apple-pay-makes-nfc-relevant/ for further information
Related
I'm unable to figure out why there are random codes being shown in various places on this website. It doesn't happen on other websites. It also doesn't seem to happen on Android devices. It doesn't happen when connected to WiFi. On one iPhone with iOS8 it doesn't have it, but on another it does. On another iPhone with IOS7, it has it. I can't make any sense out of the codes. Any ideas?
See image here: http://i.stack.imgur.com/IdblN.png
http://arstechnica.com/security/2014/10/verizon-wireless-injects-identifiers-link-its-users-to-web-requests/
As your comment suggests you might be seeing a tracking ID from your ISP, AT&T in this case.
Verizon uses the UIDH field which identifies someone to Ad services. It is essentially double-dipping, when the customer is also the product. Not to mention some website receives this header, combines user-provided data with the field, then selling this to someone else... Easiest data-collection strategy of their lives.
I am researching how to create an app for my work that allows clients to download the app (preferably via the app store) and using some sort of wifi triangulation/fingerprints be able to determine their location for essentially an interactive tour.
Now, my question specifically is what is the best route to take for the iPhone? None of the clients will be expected to have jail broken iPhones.
To my understanding this requires the use of the wifi data which is a private api therefore not meeting the app store requirements. The biggest question I have is how does American Museum of Natural History get away with using the same technology, but still available on the app store?
if you're unfamiliar with American Museum of Natural History interactive tour app, see here:
http://itunes.apple.com/us/app/amnh-explorer/id381227123?mt=8
Thank you for any clarification you can provide.
I'm one of the developers of the AMNH Explorer app you're referencing.
Explorer uses the Cisco "Mobility Services Engine" (MSE) behind the scenes to determine its location. This is part of their Cisco wifi installation. The network itself listens for devices in the museum and estimates their position via Wifi triangulation. We do a bit of work in the app to "ask" the MSE for our current location.
Doing this work on the network side was (and still is) the only available option for iOS since, as you've found, the wifi scanning functions are considered to be private APIs.
If you'd like to build your own system and mobile app for doing something similar, you might start with the MSE.
Alternatively, we've built the same tech from Explorer into a new platform called Meridian which provides location-based services on both iOS and Android. Definitely get in touch with us via the website if you're interested in building on that.
Update 6/1/2017
Thought I would update this old answer - AMNH is no longer using the Wifi-based system I describe above, as of a few years ago. They now use an installation of a few hundred battery-powered Bluetooth Beacons (also provided by Meridian). The device (iOS or Android) scans for nearby beacons and, based on their known locations and RSSI values, triangulates a position. You can read more about it in this article.
Navizon offers an indoor positioning solution that works for iOS as well as any other platform. You can check it out here:
http://www.navizon.com/product-navizon-indoor-triangulation-system
It works by triangulating the WiFi signals transmitted by the device. Since it doesn't require an app to run on the phone, it bypasses the iOS limitations and can locate any other WiFi device for that matter.
Google recently launched an API called Maps Geolocation API. You can use it for indoor tracking of devices, which essentially can be used to achieve something similar to what AMNH's app does.
I would do this using Augmented Reality. There is a system sort of in place for this, the idea being that you place physical markers that have virtual information associated with them. I believe the system I saw was a type of bar code. When a user holds up the phone with the app, the app uses the camera to read the code and then display information. This could easily be used to make a virtual tour type app distributable through the app store and not even require a WIFI or 3/4G connection. This assumes that you simply load your information and store it locally with your app. Then to update it you simply push an update through the app store. Another solution is to use a SOAP/REST service and provide the information in that way, and this does not use private API's, though it does require some form of internet connection. For this you can see a question I asked about this topic a little bit ago:
SOAP/XML Tutorials Question
In addition, you could load a map of your tour location, and based on what code is scanned you can locate the user on the map and give suggested routes based on interests etc.
I found this tutorial recently on augmented reality, I haven't gone through it, but if its anything like the rest of Ray's tutorials, it will be extremely helpful.
http://www.raywenderlich.com/3997/introduction-to-augmented-reality-on-the-iphone
I'll stick around to clarify any questions or other concerns you may have with your app.
To augment the original answer for devs who were using Cisco MSE for indoor location - now they have an iOS and Android SDK which enables you to do indoor location using the MSE. A simulator can be used as well to develop the app without implementing the infrastructure to start with : https://developer.cisco.com/site/cmx-mobility-services/downloads/
For indoor location you can use Bluetooth LE beacons since it's a very accessible technology nowadays, there are several methods:
Trilateration: it uses 3 beacons, but with the noise and attenuation of Bluetooth signals, it gets quite difficult to determine the exact position and also it's not easy to use more than 3 beacons to increase accuracy.
Levenberg Marquadt method: used to solve non-linear squares problems showed good results on indoor positioning.
Dead Reckoning method: using the motion co-processor of the device, giving an initial position you can calculate the moving path of the device. Not that easy to implement anyway.
I wrote a post on the topic, you can find more info here: http://bits.citrusbyte.com/indoor-positioning-with-beacons/
And you can use this iOS app for your own indoor positioning experiments: https://github.com/citrusbyte/beacons-positioning
I doubt the American Museum is actually using private APIS; you'll probably find the routers that have been setup serve different responses to each other, so the app can detect it's position in the museum.
If you are looking for a cheaper to way to do the same task, you could have signs with QR codes, and use an open source library to let users scan these barcodes as they move through the museum, and update the onscreen content accordingly. On an even more low tech level, you can just tag each area with unique numbers, and distinguish that way.
I want to build an app that can communicate to some external third party hardware. I come to know that External Accessory framework can help me out in that, but I have few confusions……
Do I need to register ‘Made For iPod’ program before I start?
Do I need the third party hardware before I start, or I can start without hardware?
Is there any alternative to test the app, if the hardware is not currently available?
You could do that. But they don't approve everyone who registers like in the iOS program. It takes (in my experience) a lot of time and they have requirements that not everybody can met. You don't need to apply if the hardware is ready. The MFI program is for hardware developers. If you don't make hardware I wouldn't even try to get into MFI. It's a waste of time and money.
If you write an official app for the accessory, the company that makes it should give you a prototype so you can get started ASAP.
I would highly suggest to get the hardware. And if this is the first accessory project for you and the company then I would consider to go there and start writing the basic code on site, where you can get your hands on the developer.
The communication works with streams. I never tried it but I think you could write the whole protocol specific communication with network connections and then replace the networking stuff with the EASession once you have the hardware.
If you want to test the External Accessory framework you should have a look at EADemo. I never tried (and I don't have a accessory near me to test) but I think this should work with all accessories. But in my opinion everything EA Framework related is the easy part of the whole process.
Summary: Get the hardware. If you'll get the hardware in two weeks do the User Interface part now. If you can't get your hands on the accessory within two weeks you should beg for a prototype.
Regarding your comment to the other question: Test equipment is available when you are a member of MfI.
If you want legitimately produce and certify your third party hardware, you will need to apply for 'Made For iPod’ program. You will get and API and documentation to do that.
Unfortunately your chances to be approved are very low.
I'm working on an enterprise iPhone application for a client, the issue at hand is customer information will show up on the phone. My client is worried that the information could be caught using the iphone screen capture feature (home + power button), then emailed or synced from the phone. Is there any way to disable the screen capture feature? Can this be done programatically or is is possible through a configuration profile?
if your customer could retain the ownership of a handset, they can restrict Screen Capture feature using iPhone Configuration Utility. Make sure you don't give these phones to any one outside of this organization, otherwise you are in violation of your Enterprise legal agreement with Apple.
Since this is for an enterprise app, perhaps you could put a transparent overlay view atop everything, that in a drawRect went opaque when it detected the layer was being asked to render for a screen shot (perhaps by looking back up the stack trace?)
You might try setting debug points in every possible view and layer drawing methods, and see if anything is triggered by a screenshot.
Screen capture can be enabled/disabled for iPads/iPhones that are managed via the iPhone OS Configuration Utility. See page 33 at http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf where it says:
** Allow screen capture: When this option is turned off, users are unable to save a
screenshot of the display.*
In other words, in enterprise deployments where the "customer" owns the iPads (or requires employee-owned devices to be configured by IT) screen capture can be suppressed at a device level.
It's also possible to detect if screen capture has happened and to record this (so perhaps a manager can pay a friendly visit).
It is not possible to suppress screen capture under program control. Apple prefers to exercise tight control and grudgingly yields a bit to enterprises. It doesn't yield much to developers. (How do you like being a sharecropper on Apple's plantations?)
Seriously, there are good reasons to control screen capture. In the education space, we'd like to use iPads as secure testing devices. In a proctored test environment, the proctor can make sure a student doesn't have a camera or notepapers to carry away test questions. Therefore the major remaining risk to test item security is the screen capture. If you couldn't suppress it, students could quickly snap every test question they encounter and email them to their buddies (or post them online or sell them to a test-prep company).
For random consumer iPads used under uncontrolled conditions, developers don't have this capability. Them's the breaks :-).
No, there isn't. The user is always able to perform this function.
Yes, you can do this in at least two ways. Internet Testing Systems (ITS) of Baltimore has an iPad testing app in the store, interestingly it is "PEARSON NNAT2 -Stanford 10 - OLSATS", a Pearson app that can be used to take any of these three tests. see https://itunes.apple.com/us/app/pearson-nnat2-stanford10-olsat8/id546817211?mt=8 -- it is free and you can download it.
If you simply require your user to put the device into Guided Access mode after starting the app and before proceeding, using UIAccessibilityIsGuidedAccessEnabled(), you can then prevent the user from using "print screen" -- OR from switching to any other task. Examsoft is a vendor that uses this approach.
These features are generally of concern to test publishers and assessment delivery vendors; I have a blog post and screen shots the ITS approach, and code to emulate the Examsoft approach, here: http://mindstormtools.com/2013/02/23/ipads-for-assessment-test-delivery-profile/ and http://mindstormtools.com/2013/02/20/ipads-for-assessment-guided-access/
I'm working on an enterprise iPhone application for a client, the issue at hand is customer information will show up on the phone. My client is worried that the information could be caught using the iphone screen capture feature (home + power button), then emailed or synced from the phone. Is there any way to disable the screen capture feature? Can this be done programatically or is is possible through a configuration profile?
if your customer could retain the ownership of a handset, they can restrict Screen Capture feature using iPhone Configuration Utility. Make sure you don't give these phones to any one outside of this organization, otherwise you are in violation of your Enterprise legal agreement with Apple.
Since this is for an enterprise app, perhaps you could put a transparent overlay view atop everything, that in a drawRect went opaque when it detected the layer was being asked to render for a screen shot (perhaps by looking back up the stack trace?)
You might try setting debug points in every possible view and layer drawing methods, and see if anything is triggered by a screenshot.
Screen capture can be enabled/disabled for iPads/iPhones that are managed via the iPhone OS Configuration Utility. See page 33 at http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf where it says:
** Allow screen capture: When this option is turned off, users are unable to save a
screenshot of the display.*
In other words, in enterprise deployments where the "customer" owns the iPads (or requires employee-owned devices to be configured by IT) screen capture can be suppressed at a device level.
It's also possible to detect if screen capture has happened and to record this (so perhaps a manager can pay a friendly visit).
It is not possible to suppress screen capture under program control. Apple prefers to exercise tight control and grudgingly yields a bit to enterprises. It doesn't yield much to developers. (How do you like being a sharecropper on Apple's plantations?)
Seriously, there are good reasons to control screen capture. In the education space, we'd like to use iPads as secure testing devices. In a proctored test environment, the proctor can make sure a student doesn't have a camera or notepapers to carry away test questions. Therefore the major remaining risk to test item security is the screen capture. If you couldn't suppress it, students could quickly snap every test question they encounter and email them to their buddies (or post them online or sell them to a test-prep company).
For random consumer iPads used under uncontrolled conditions, developers don't have this capability. Them's the breaks :-).
No, there isn't. The user is always able to perform this function.
Yes, you can do this in at least two ways. Internet Testing Systems (ITS) of Baltimore has an iPad testing app in the store, interestingly it is "PEARSON NNAT2 -Stanford 10 - OLSATS", a Pearson app that can be used to take any of these three tests. see https://itunes.apple.com/us/app/pearson-nnat2-stanford10-olsat8/id546817211?mt=8 -- it is free and you can download it.
If you simply require your user to put the device into Guided Access mode after starting the app and before proceeding, using UIAccessibilityIsGuidedAccessEnabled(), you can then prevent the user from using "print screen" -- OR from switching to any other task. Examsoft is a vendor that uses this approach.
These features are generally of concern to test publishers and assessment delivery vendors; I have a blog post and screen shots the ITS approach, and code to emulate the Examsoft approach, here: http://mindstormtools.com/2013/02/23/ipads-for-assessment-test-delivery-profile/ and http://mindstormtools.com/2013/02/20/ipads-for-assessment-guided-access/