PDA

View Full Version : Apple Offers Clarification on Mobile Safari Anti-Phishing Feature




MacRumors
Sep 13, 2009, 12:15 AM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/iphone/2009/09/13/apple-offers-clarification-on-mobile-safari-anti-phishing-feature/)

Last week, some questions were raised (http://www.macrumors.com/iphone/2009/09/10/mobile-safari-anti-phishing-feature-criticized-as-being-inconsistent/) about apparent inconsistencies in the way that Safari on the iPhone and iPod touch was employing a new anti-phishing feature added in iPhone OS 3.1 (http://www.macrumors.com/2009/09/09/apple-releases-iphone-os-3-1-for-iphone-and-ipod-touch/).

The Loop spoke with Apple (http://www.loopinsight.com/2009/09/12/apple-responds-to-iphone-anti-phishing-confusion/) about the issue, and learned that the anti-phishing database is updated on a user's iPhone via the charging/syncing process in order to preserve battery performance and prevent hidden data usage on cellular networks."Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."The report notes that the entire anti-phishing update must be downloaded in order a user to be protected, which likely explains much of the inconsistent behavior seen in early tests of the feature.

Article Link: Apple Offers Clarification on Mobile Safari Anti-Phishing Feature (http://www.macrumors.com/iphone/2009/09/13/apple-offers-clarification-on-mobile-safari-anti-phishing-feature/)



zed2
Sep 13, 2009, 01:47 AM
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7C144 Safari/528.16)

So how does an iPhone user check that it's running with the latest version of this system?

Bevz
Sep 13, 2009, 02:48 AM
And i think it would have been useful for Apple to have documented this behaviour from the beginning.

Doctor Q
Sep 13, 2009, 02:59 AM
It's nice to have the technical explanation since the reports of inconsistent behavior didn't seem to make much sense.

impaler
Sep 13, 2009, 03:17 AM
What else is being downloaded??? This is ridiculous.

larrylaffer
Sep 13, 2009, 04:20 AM
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7C144 Safari/528.16)

So how does an iPhone user check that it's running with the latest version of this system?

They (of course) don't. The lesson is to sync your phone regularly, which the majority of users are most likely doing already.

bruinselmann
Sep 13, 2009, 04:51 AM
You don't even have to sync the phone, you just have to configure it for your wireless network and charge it with the AC adapter.

I always thought my iPhone was resting when it's cradled in its little dock but nooo, its preparing itself for the dangers of tomorrow !

joshysquashy
Sep 13, 2009, 05:04 AM
Sounds like a sensible solution to me. People always complain about new features. I don't think phishing results need to be updated every minute, and so this background updating makes a lot of sense. After a day or so, everyone will be protected.

Shasterball
Sep 13, 2009, 05:35 AM
This is the most ridiculous way of installing a program that I have EVER heard...

zed2
Sep 13, 2009, 05:49 AM
They (of course) don't. The lesson is to sync your phone regularly, which the majority of users are most likely doing already.

nope... I hardly every sync my phone with my laptop/desktop.... Mobile me does all the syncing I care about on a regular basis. Once I have my 32Gb or Music on the iphone I really don't need to change it that often.

It'll be lucky if I sync it once every 2 months.

mrzippy
Sep 13, 2009, 05:50 AM
This is the most ridiculous way of installing a program that I have EVER heard...

Agreed...

It implies, well actually states, you must launch Safari whilst charging and turn the screen off...

Yes I charge on AC or via iMac but I DON'T launch Safari before doing this.

Shasterball
Sep 13, 2009, 06:23 AM
Agreed...

It implies, well actually states, you must launch Safari whilst charging and turn the screen off...

Yes I charge on AC or via iMac but I DON'T launch Safari before doing this.

Exactly. Who launches Safari when they go to charge their phone? And why assume people leave wifi on 24/7? So confusing...

MacMan86
Sep 13, 2009, 06:30 AM
Exactly. Who launches Safari when they go to charge their phone? And why assume people leave wifi on 24/7? So confusing...

Given that Safari runs as a background service, it could be that as long as you have launched Safari once, having turned the iPhone on (therefore starting the Safari process) you can charge the iPhone on the home screen and it would still update.

If Wi-Fi is turned on and the iPhone is charging off the mains or PC/Mac, instead of conserving battery life and turning the Wi-Fi off after a certain period, the Wi-Fi will stay on indefinitely.

There is no need to sync with iTunes - the article does not mention syncing at all

walnuts
Sep 13, 2009, 07:25 AM
I'm sorry- I'm not sure I understand this- why couldn't this information be part of the 3.1 update itself, and updates to the anti-phishing feature come with other security updates?

GoCubsGo
Sep 13, 2009, 07:32 AM
Agreed...

It implies, well actually states, you must launch Safari whilst charging and turn the screen off...

Yes I charge on AC or via iMac but I DON'T launch Safari before doing this.
Yeah, I never thought to actually launch safari after I began charging.
Exactly. Who launches Safari when they go to charge their phone? And why assume people leave wifi on 24/7? So confusing...

I have wIfi on 24/7. I think many more do too.

I don't know but if this is how it is then okay.

MacMan86
Sep 13, 2009, 07:43 AM
I'm sorry- I'm not sure I understand this- why couldn't this information be part of the 3.1 update itself, and updates to the anti-phishing feature come with other security updates?

Given that Google adds around 50,000 entries per month (http://googleonlinesecurity.blogspot.com/2009/08/malware-statistics-update.html) that would either involve daily updates through iTunes or few updates and being unprotected for long stretches of time

MacMan86
Sep 13, 2009, 07:45 AM
Yeah, I never thought to actually launch safari after I began charging.

As I said, I'm pretty sure that once you've launched Safari once, it will remain running in the background (along with Mail) until the phone is turned off/reset. Apple wouldn't require users to leave Safari on the screen while charging, and if they did, they would definitely tell people.

bldmn
Sep 13, 2009, 08:53 AM
Apple wouldn't require users to leave Safari on the screen while charging, and if they did, they would definitely tell people.
All of which means that Apple needs to do a better job of communicating these things to users in the first place.

TitoC
Sep 13, 2009, 09:27 AM
Agreed...

It implies, well actually states, you must launch Safari whilst charging and turn the screen off...

Yes I charge on AC or via iMac but I DON'T launch Safari before doing this.

I think everyone needs to settle down here. I believe people are reading this wrong (and rightfully so). But after talking to several developers who work with WebKit, the iPhone OS and understand the this particular Safari phishing issue, this is what is happening: In the new OS, when the user charges his or her iPhone (and I think we all can agree, EVERYONE has to charge their iPhone at one point or another - nothing about syncing whatsoever) the "process" described here begins. I think what Bill Evans was trying to say is that the PROCESS should happen automatically NOT that the user should follow all of these steps to achieve this process ("For most users this process should happen automatically when they charge their phone."). Safari on the iPhone almost always runs in the background, unless too many apps or resources are needed. This is how it keeps your pages loaded even when you close and reopen it. This same principle applies to iPod and Mail. I think what he was trying to say is that TO BE SURE this process is happening, ". . . the user should launch Safari, connect to a Wi-Fi, etc. . . ." but in all fairness a user does not really need to do this. Just charge it, the process will begin automatically.

"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."

skikid419
Sep 13, 2009, 10:07 AM
after completing this ridiculous method of installation, i tested my iphone after 2 minutes of being plugged in with safari open screen off wifi on. it does work!

test on tinyurl.com/ratju4

MacMan86
Sep 13, 2009, 10:13 AM
after completing this ridiculous method of installation, i tested my iphone after 2 minutes of being plugged in with safari open screen off wifi on. it does work!

test on tinyurl.com/ratju4

It's not a ridiculous method of installation! The whole point is you don't have to do anything. It's AUTOMATIC and it's the best method I can think of of keeping the database up-to-date without requiring the user to do anything or using cellular data which could be expensive if you're roaming. If you have any better suggestions, let's hear them

skikid419
Sep 13, 2009, 10:25 AM
It's not a ridiculous method of installation! The whole point is you don't have to do anything. It's AUTOMATIC and it's the best method I can think of of keeping the database up-to-date without requiring the user to do anything or using cellular data which could be expensive if you're roaming. If you have any better suggestions, let's hear them

how about any time you are connected to wifi.
its not automatic you have to open safari and then charge it. personally i use an ihome to charge so that doesnt work for me.
Apple should have made it more clear on how to activate this feature.

MacMan86
Sep 13, 2009, 10:39 AM
how about any time you are connected to wifi.
its not automatic you have to open safari and then charge it. personally i use an ihome to charge so that doesnt work for me.
Apple should have made it more clear on how to activate this feature.

No. You haven't read what was said above. Safari is one of a few Apple apps on the iPhone that runs in the background. That means it is running constantly, even when you're playing with another app or looking at your email. It is a constantly running process, just like how the iPod can play music when you're reading emails or playing an app.

The user doesn't have to launch Safari because it is always running. Do you have Wi-Fi at home? Because if so, the iPhone will be connected to your Wi-Fi when it's charging, from an iHome, Mac, PC or mains charger, so long as you haven't disabled Wi-Fi. It will then update by itself.

As a user, all you have to do is not disable Wi-Fi. That's it. At some point you'll have to charge it, and when you do, it will update itself. No launching of any apps, no iTunes syncing.

tokyopunk
Sep 13, 2009, 12:04 PM
What else is being downloaded??? This is ridiculous.

ridiculous that they are offering this protection, or ridiculous that you actually have to do something? People complain about the the most asinine of stuff.

Get a Pre

jmcguckin
Sep 13, 2009, 12:16 PM
What else is being downloaded??? This is ridiculous.

wait, so if I'm reading you correctly, you're actually complaining that Apple has provided you with the option of automatically downloading/syncing updates to your device that will make it more secure (at no extra cost to you, I might add)... exactly what about this justifies your calling it "ridiculous"?

I'll admit, I'd still like to be aware of what processes occur during a routine sync (aside from managing music/other content), but I can hardly imagine Apple downloading/syncing anything to your device that wouldn't have the security of your device and your best interests in mind... so for your sake, please take a chill pill and try not to make such a big deal out of nothing.

ntrigue
Sep 13, 2009, 12:30 PM
I think that this method covers a large population of users, upwards of 70%.

However, my Safari rarely runs in the background as I conciously close all pages to a blank screen then press the home button.

I'm just going to open Safari and plug iPhone in every few weeks.

libertyforall
Sep 13, 2009, 01:15 PM
Well that is dumb! So much for "unlimited" data network usage...

iVoid
Sep 13, 2009, 02:41 PM
So it won't update if you don't have a WIFI connection where you charge your phone? That seems a bit limited.

carmenodie
Sep 13, 2009, 03:36 PM
your device should be updated as often as possible cause the jerks trying to get in your stuff work 24/7.

spillproof
Sep 13, 2009, 03:46 PM
I don't want 3.1 anymore :(

I'm already smart about my web browsing.

wackymacky
Sep 13, 2009, 04:44 PM
Well' I quite like the idea of updating while the phone is charging and connecting to a wifi,

Though being told about it would be good and having it as a opition, ie first time a pop-uo box "update avaliable, download?" with don't ask again option.

In fact why not have updates like this all the time?

justcause
Sep 13, 2009, 05:25 PM
The launching of Safari is to ensure Wifi is active and being used.

This feature is one of those things, any path Apple took would have upset somebody, so they'd naturally head over to a forum and complain.

It would have been better though to state:
- Warn when visiting fraudulent websites in Safari (anti-phishing) ** requires active Wifi connection while being charged for anti-phishing list updates

djgamble
Sep 13, 2009, 07:02 PM
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7C144 Safari/528.16)

So how does an iPhone user check that it's running with the latest version of this system?

Sync your iPhone...

bobsentell
Sep 13, 2009, 08:43 PM
I'm confused. In order to get this update you have sync AND leave your iPhone on WiFi? Am I understanding this correctly? Why not just let iTunes handle the update and just make the updated list part of the sync process? That way we don't have to mess with the WiFi.

-aggie-
Sep 13, 2009, 08:45 PM
There are so many different opinions as to what the OP stated in this thread that I really have no idea what you're supposed to do.

MacMan86
Sep 14, 2009, 08:00 AM
The launching of Safari is to ensure Wifi is active and being used.

How did you work that one out?

I'm confused. In order to get this update you have sync AND leave your iPhone on WiFi? Am I understanding this correctly?

There is no need to sync. The information does not come from iTunes, it comes from the internet. Simply leave your iPhone plugged in (which you have to do someday) with Wi-Fi turned on

There are so many different opinions as to what the OP stated in this thread that I really have no idea what you're supposed to do.

It's quite simple. People saying you have to open the Safari app and lock the screen are wrong - the Safari app is always open anyway - there is no need to open the app and lock the phone.

It is very simple:


Connect your iPhone to some sort of power source where you have Wi-Fi


That's it. That simple. And what benefit do you get? An update to a list of websites that you shouldn't give your banking details to. If you have an ounce of common sense when using the web this whole thing is quite irrelevant anyway.

nbs2
Sep 14, 2009, 09:01 AM
So it won't update if you don't have a WIFI connection where you charge your phone? That seems a bit limited.

Which is why the communication breakdown occured. If I had been told I need to do this on occasion, I might have done it before.

My router is shut down at night and I don't have WiFi at work. I charge my phone at night and sometimes at work. I can't think of the last time that WiFi and charging converged for me (probably my last sync). Without, on a whim, going to the iPhone blog page on MR, I wouldn't have found out this is how the data is loaded to my phone.

Perhaps updating over 3G if your database is over two weeks old? That would people eventually get protected, but would cut out most users who do charge while on WiFi.

The Phazer
Sep 14, 2009, 09:37 AM
It's unbelievable that Apple had to have people shout at them before they realised mentioning how this works might be a good idea...

Anyway, that's much better now they have.

Phazer

-aggie-
Sep 14, 2009, 09:49 AM
SNIP
It's quite simple. People saying you have to open the Safari app and lock the screen are wrong - the Safari app is always open anyway - there is no need to open the app and lock the phone.

It is very simple:


Connect your iPhone to some sort of power source where you have Wi-Fi


That's it. That simple. And what benefit do you get? An update to a list of websites that you shouldn't give your banking details to. If you have an ounce of common sense when using the web this whole thing is quite irrelevant anyway.

My statement was more rhetorical than that I was having problems understanding what the OP quoted. However, since everyone seemed to be coming up with different interpretations of what was written, I was starting to wonder if I was reading it wrong. :)

That being said, Apple should have had some kind of notification (like Windows) that this needed to be done. I mean, we know about it, but the vast majority of iPhone users will not. Sure, they'll eventually be charging their phone and the screen will probably be off, but they still should know it, since they might not have wifi enabled (and why that needs to be done is not explained). They also should have let people know about the ramifications for upgrading to 3.1, but that's for another thread.

Mirtos
Sep 15, 2009, 09:02 AM
Yep, its working, attached the warning message i received ....

szark
Sep 15, 2009, 12:31 PM
Well, this will be a nearly useless feature for me. I think I turn on my WiFi about once every three months.

wacky4alanis
Sep 15, 2009, 03:07 PM
Same here - I hardly ever turn on Wifi. What's the point when 3G is everywhere these days? I figure it's just another radio sucking power from my battery. And I rarely sync to iTunes - the whole point to the iPhone is that it's wireless. Constantly hooking it up to a wire so iTunes can talk to it seems so last millennium.

wolfie37
Sep 16, 2009, 04:24 AM
Same here - I hardly ever turn on Wifi. What's the point when 3G is everywhere these days? I figure it's just another radio sucking power from my battery. And I rarely sync to iTunes - the whole point to the iPhone is that it's wireless. Constantly hooking it up to a wire so iTunes can talk to it seems so last millennium.

Because 3G sucks battery power, much more so than WiFi, it's slower than WiFi and WiFi is in many many places, especially the places where using the Internet is possible.