I'm trying to develop an app (profanity filter) that would allow me to scan incoming traffic/packets coming into an iPhone before it goes to an app such as Facebook, Twitter, Text Messaging, etc. Is this possible and if so, could someone please provide me with a starting point?
It's not possible on non-jailbroken phone, unfortunately.
To do so, you need access to network stack (so that you're able to pass through or discard packets). This is commonly done in kernel space of OS (pf, osx firewall, littlesnich are examples). There's no way to get into kernel space on vanilla iOS device.
It's highly unlikely that there is any code that would pass Apple's muster that would let you launch a man-in-the-middle attack on other apps, at least I hope there isn't. That approach pretty much blows the whole sandbox protection right out of the water.
Related
I need to create and App that will run in the background and will monitor the user's behavior in term of applications installed, opened and deleted.
i.e Application will save the information in the database that at what time user has installed/opened/deleted an application in iphone.
I wonder if its possible and Apple will allow this??
I tried to google on it but did not get anything, i know if its possible then it would be possible by multiasking only??
Can any one please help me on the same.
Brn
Not possible. Your app can only run when the user chooses to (except for a limited sub-set of tasks like VoIP, etc).
Your app can know nothing about other apps.
iOS apps are sandboxed. I wouldn't say impossible but certainly not allowed. You'd have to find a security hole to give you root access first. Oh, and notify us when you do ;).
Edit:
Maybe it wasn't clear in my post but I was at least half joking. Not sure why you want to do what you want to do. I can imagine the following scenarios:
1) Your company wants to monitor everything their users do on their phones. In that case I would either
a) lock them down and only allow app installation through a company portal (enterprise distribution is possible in iOS) OR
b) forget about iOS alltogether. Blackberry would probably be closer to what you want, although I don't really have experience with that platform. Also, its future is not sure.
2) You're trying to do something illegitimate. Because of iOS's locked down nature it won't be easy. See how few successful attacks there have been in the last years - and that's for a highly successful platform where an attack could be high paying both in terms of money and reputation.
I hope I've posted the question on the right place. Not so sure if it should be here or in ServerFault.Nonetheless thank you for those who will answer.
So we have this project where we want to get the SSIDs and/or MAC addresses of scanned WiFi Networks available via the iPhone (can't change devices now, so no do it on Android answers please). Since via iOS5 it has become completely impossible for non-jailbroken iPhones to do so (not sure) because of new security restrictions, I want to know if the opposite is possible. That is, is there any Access Point available that can record the information of the devices that did a scan, and put it in the syslog?
Or can you please suggest another way? The basic idea is that the iPhone must get a data from another device (in this case WiFi, and we're also thinking about bluetooth) and send it to a server.
EDIT:
I've read that it's possible to get the current SSID using CaptiveNetwork.h, can someone provide me information about this? Thanks.
iphone-wireless project looks like it might fit the bill. Specifically Apple80211GetInfoCopy
Today, the focus of a cell phone's capabilities is drifting away from plain making a phone call.
And somehow, this shows in the API's too. Therefor I'm wondering: if I want to write an app that e.g. pitches up, records, scrambles... an incoming call - you know, the voice on the other side -, what aspect of the API should I use?
I looked into Android, into Windows Phone, iPhone... (briefly), but had no luck. Is this just unintended usage?
This is also not possible with Windows Phone 7. There were, however, API methods for interacting with incoming and outgoing calls and texts in Windows Mobile.
The reason this is not possible in Windows Phone 7 comes down to a deliberate decision around data security and the aim that apps on the phone shouldn't be able to do something without the user specifically knowing about it. This prevents, amongst other things, malicious apps having information about or access to potentially sensitive data.
This is not possible in Android, except maybe via firmware modifications.
There’s no way to do that with the iPhone SDK. It may be possible through jailbreaking, but I’m not familiar enough with it to speak on it.
Given the limited accessibility of in-call audio but ready access to microphone/speaker and data on current smartphones, would probably be easiest to do this as part of a VOIP calling application.
Some of our application is already in AppStore...
But suddenly one thing comes into my mind, that I want to clear before submitting my next application.
The thing is : As a programmer's point of view, should we require to handle if iPhone Device is jailbreaked ? If yes, then how we can tackle with this ?
Thanks in advance....
On a general note, jail-breaking the device is an issue between the user, Apple and potentially the carrier. You are not a side in this relationship, and the user has no contractual obligations to you with regards to their device.
You could choose to attempt detecting jail-broken devices in an attempt to prevent piracy of your app. However:
If the device is jail-broken, there's nothing you can do to reliably verify it's not jail-broken, since none of the OS APIs (including networking) is guaranteed to function as you expect. Your code could be running in a non-jail-broken simulation on top of jail-broken device.
Of course, you could check by attempting to do one of the things you currently know Apple actively prevents apps from doing. However, there's no guarantee that Apple is not going to allow that particular action in future. And, there's the chance that your app might get rejected because you are attempting to do something prohibited by Apple.
There is no official criteria from Apple on what constitutes a jail-broken device and what does not. And even if there was, you are not guaranteed to be notified in a timely manner (or at all) by Apple if they decide to change any such criteria. But even assuming you do get notified somehow, you can't update your app quick enough to avoid falsely detected jail-broken devices, thus potentially denying access to your app to legitimate users.
If you would like to cut off a large group of users, then sure, go ahead and require it.
Unless your application specifically requires it, there should be no reason to force users to have a jailbroken iPhone or a non-jailbroken iPhone.
If you program is legitimate (no private API calls etc), then you should not concern yourself with JB. You don't need to handle anything differently if the users phone has been JB'd. If it has, and your software doesn't run (say memory issues because they are using backgrounder to run 2 other things) then that's their problem not yours. Make your code well behaved, not leak memory, dump cache's etc with memory warnings, and you should be fine.
As you asked for the "programmer's point of view", I'd say: make sure your app runs on as many devices as possible.
Meaning: as long as you app is safe to run on an iPhone whether it's JB or not, I wouldn't care.
One thing I have found, at least early on (not seen it for a while) is that most reports I got of strange behaviour with my app (vConqr) turned out to be from people with jailbroken phones.
That's not to say I think that's good reason to block them. But if you do any sort of custom crash reporting, or other diagnostics it could be useful to log the fact to save time on troubleshooting.
Do a search on the Internet. You'll find several articles that shows some ways you can detect a pirated app. I make no claim on their effectiveness, but I do use some of these in my own apps. These techniques do not try to detect if a phone is jailbroken; they focus on detecting if your app has been tampered with.
I want to write a perlscript on my iPhone that is able to give me a heads up at certain points so I'm wondering how I would go about doing that.
Is there a way to get a message through the gui from a script running in the background? I've been looking without much luck. I had a thought about inserting a fake sms into the sqlite db as a last resort but it seems somewhat unlikely that it would work.
It would be nice to be able to make a push notification style popup appear but that might too much to ask.
Any ideas?
For reasons of security and stability, Apple does not allow scripting languages on the iPhone. You can run them on a jailbroken phone but I'm given to understand it's a hassle.
From the Apple Push Notification Programming Guide:
Note: On a desktop system, a
background process is often the means
whereby users are informed of
downloadable data for an application
that currently isn’t running. But on a
device such as the iPhone, background
applications are, for performance and
security reasons, prohibited. Only one
application may be executing at a
time.
The iPhone is a secure and reliable phone first and a computer second. Computing is sacrificed to ensure a reliable phone.
I found a solution I liked so I decided to share it. I found an app for jailbroken iPhones called GriP - Growl for iPhone. Which changes the way push notifications and other messages are handled. It also makes it possible to send messages from the command line via something along the lines of:
/usr/bin/GriP -t "Title" -d "Description"
It has worked great so far.
Thank you for your help TechZen and molecules.
Do you want information from your phone itself or from an outside source? If you want information from an outside source, you could set up a Perl script on a computer to e-mail yourself notifications (see Sending Email with Perl Best Practice).