Security in iPhone applications - iphone

Is there any nice documentation which explains various security concerns for an iPhone application. This includes network security as well data security within the device.

The network security stuff is pretty generic for any internet-connected app. As to data security including thwarting jailbroken devices there's a new book last month called Hacking and Securing iOS Applications which is quite good.

Related

iOS enterprise distribution MDM vs OTA

We have to deploy an enterprise ios app to employees. I came across multiple ways of doing it (http://www.apple.com/business/accelerator/deploy/app-distribution.html).
Either the MDM or the Over the Air(set up your own server for distribution) suits our need. We have to choose between these two.
I would like to know .....
What are the best MDM tools for distributing an ios enterprise app.
What are the advantages of using MDM tools over direct OTA
Thank you
A lot of this depends on the number of devices you plan on deploying to as well as whether or not you want some sort of "control" over your devices. If you could care less about harvesting the status of each device (offline, online, compliant, etc) in your fleet or controlling security settings, email settings, etc I would say skip MDM altogether. You could easily just setup a landing page (ala an App Store) via HTML, CSS, JS, etc and just have your users hit it to consume the app.
As eluded to above if you DO want to do things like see what devices are online/offline, push specific security rules to them, setup Exchange accounts, remote wipe devices, etc then definitely run with an MDM.
The answer really depends on your environment, what you wish to accomplish and how long you have before your deadline.
Regarding the "tools" everyone is playing by the same set of MDM rules set forth by Apple - the meat of the solution depends solely on how the MDM provider implemented the MDM capabilities. I'd recommend looking into AirWatch or MobileIron but understand that both typically take some spin-up time. If you need a quick solution try one of their SAAS models.
What are the best MDM tools for distributing an ios enterprise app?
Different persons have different thoughts and expectations about MDM. So, "best MDM tools" are different for different users.
I recommend you to refer any online articles (beware, there are paid ones among them) or feature comparison charts like:
Enterprise iOS (seems to be down these days) or
MDM Community
Find the one that best suits you and ask for a demo version. Most of them have a 30-day full feature demo, while some have a 14-day or 15-day demo.
What are the advantages of using MDM tools over direct OTA?
If there are more devices to which apps are to be installed, then I recommend using an MDM software because you can bulk push app to devices with MDM.
Take a look at this list.
OTA is easy to set up but difficult to 'manage'. If you need to do any kind of version control or asset management MDM is your best bet. The alternative is to add this via code in the app itself.

Do desktop applications use the same sandbox idea as ios does

I am writing a report on the differences of mobile development from developing a desktop application. When writing an app for windows, are all contents of an app stored in an application sandbox like in ios or blackberry development?
No; even though environments like Java and .NET "sandbox" their applications, this only deals with the memory of the application while it's running and the sort of resources that can be accessed. iOS sandboxing completely isolates the application, including its storage.
Short answer: No
No so short answer: It depends on the platform you use. Software developed in java use a Sandbox while others don't
It should also be pointed out that Mac OS X Lion provides a method of sandboxing that they encourage using, and will enforce using on apps available through the App Store. There are places to get a more in-depth description, like John Siracusa's great review on Ars Technica (or his extended discussion about it on the Hypercritical podcast), but generally it works on the idea of priveledge separation. Each process requests access to the priveledges it needs (e.g., reading from the file system or writing to a network socket). The program is then divided into multiple processes that each only use a small number of priveledges, so if one process is compromised it won't have enough priveledges to do serious damage. Definitely take a look at a more detailed description, it's a pretty interesting security feature.

Will a Safari-based app for iPhone be accepted to the iTunes store?

I'm about to begin development of an iPhone app. The app itself is fairly basic, and I want a speedy turnaround time.
I'm a web developer myself, specialising in traditional web technologies such as PHP/MySQL; I have no experience in Objective-C.
My plan was to create a very basic iPhone app that is just a Safari service that passes some basic variables to a URL. That URL is the app built in PHP and housed on my servers, this way I can create the app very quickly without needing to outsource anything.
My question is whether apps of this nature would be accepted into the iTunes store, or would they be out-right rejected? Anyone's experiences or comments are very welcome.
Thanks
It could go either way, but mind bullet 12.3 from the App Store Review Guidelines:
12.3 Apps that are simply web clippings, content aggregators, or a collection of links, may be rejected
In my opinion, a simple UIWebView wrapper around your web site comes close to the definition of a simple web clipping. Your approval may very well hinge on your luck in drawing a sympathetic reviewer.
It really depends upon your application...These kinds of application have been approved in the past but again I am saying that it depends on many factors.
Try to test your app in every possible manner and also keep in mind the memory issues.
Best of luck!!!
Should be fine - its called a web app and there is software out there that will do just this for you.
All you need to do is to make a UIWebView and put your web app into it.
Also look at http://jqtouch.com. That gives you some idea of what you can do web-side. :)
http://www.netbiscuits.com/559
Native Hybrid Apps
Native apps can interface more deeply
with the mobile handset modules and
sensors to create an even richer
mobile user experience. Netbiscuits
provides pre-build native apps
frameworks for all major mobile
operating systems to be easily
customized for the needs of
enterprises.
Get "2in1" by combining the power of
mobile websites and native apps by
wrapping mobile websites into hybrid
apps and list them easily in all major
app stores of providers like Apple,
Nokia, Google or Samsung to open a new
mobile distribution channel. The
benefits of this approach are fast
time to market, minimized development
and maintenance efforts and maximum
mobile cross-platform technology
coverage.
Yes, it will be accepted as long as you stick with HTML, CSS, JS and Obj-C on the client side. You still need to wrap it in an iPhone app. In my experience, the best way to this is to use http://www.phonegap.com/ or a similar framework.
You'll have the option of deploying you app through iTunes or as a regular web app (you users will be able to create a link to your web app right on their springboards)
It SHOULD be accepted, granted you test test test and make it look just like a native application. Also you'll have to make sure that your server is never down, or if the application can't reach it just display an error message. You also have to keep in mind that there are a lot of iPod Touch users, and they don't have access to the internet all the time. Which means that chances are you'll get a BUNCH of 1 star reviews

Private iPhone apps?

I am interested in writing apps that connect to the intranet or an extranet. In other words, I would like to make private apps for my clients, but I don't want everybody able to access it and be able to download it. Do you know if there is a way to distribute enterprise apps only to a certain people? Does Android do the same thing?
The iPhone Enterprise Developer Program is targeting exactly this scenario. It allows building and distributing apps outside of the AppStore. It does cost $299 instead of $99, however; and it's available for companies with 500+ employees and Dun&Bradstreet number only. If you are small shop working for big clients, you might want to talk with them enorolling in that program so you can develop the app for them.
Update: As #lifeIsGood commented, it looks like Apple has lifted the 500+ employees requirement. At least it's not mentioned anywhere on the Enterprise Developer Program or the Choose an iOS Developer Program comparison page.
They have also added a Custom B2B Apps distribution mechanism, which seems to target the exact scenario the OP asked about.
The answer is.... sort of. You can create ad hoc distribution, but you are limited to 100 total devices in your list. So, 100 customers. Or, you can sign up for an enterprise license, but to do so your company must have 500 employees (there may be other restrictions there too).
[edit]
One suggestion might be to create your application as SaaS - and charge for the connection/data store
[/edit]
I've been looking into this too. I don't think there's a good way to do this with objective-c, but I do believe this can be done well with HTML5.
I'm reading this book http://building-iphone-apps.labs.oreilly.com/
The iPhone supports the web databases, offline apps, and with the webkit part you get icons so your app can look like a real iphone app and be distributed from a web site.
I don't know much about Android...
For Android, all you do is download the apk file to the phone. Then you go into Settings > Development and allow Non-market installs.

Beginner Help for Developing Web Pages for Smart Phones

I have just started authoring web pages for use on "smart phones". I need to target Blackberry, WinCE, iPhone, etc. What resources or books would you recommend for someone with ample web and software development experience but no experience developing UI for these devices? What emulation kits would you recommend, and how accurately do they represent the real thing?
Edit: To clarify, I have a web application built in ASP.Net. I want a limited subset of the functionality available in the app to be available to mobile devices. I am writing a separate set of pages to accomplish this. I am starting with two, simple chunks of functionality. In the future I believe I might get requirements for more functionality to be ported.
Check out WURFL - the Wireless Universal Resource File
The WURFL is an XML configuration file
which contains information about
capabilities and features of many
mobile devices.
The main scope of the file is to
collect as much information as we can
about all the existing mobile devices
that access WAP pages so that
developers will be able to build
better applications and better
services for the users
Also Checkout the Wireless FAQ
Telling us the language you are using/know would be very helpful.
From an emulator standpoint, there are good ones out there, but honestly NOTHING beats having the actual device, yes it is expensive, but the user experience on a mobile device is much different than any emulator can illustrate. if you are serious about this, get a device or two for testing!
Documentation on developing web pages for iPhone can be found at Apple's iPhone Dev Center
You can test your site with the iPhone Simulator to get an idea of how it will look on an actual iPhone. Note: You need a Mac to run the iPhone Simulator.
If you are serious, you really need to test on actual devices.