Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
but he is quick to point out that it is not a bug, as the techniques demonstrated in the video can be used for "good as well as evil."

Ah, something for developers to contemplate while designing and cutting out the fabric for their super-hero unitards. :p

Then please allow ad block plus for iOS.

That… wouldn't help at all; this is an exploit that must be made by the developers of apps, not web developers. Having less ads wouldn't prevent developers from stealing information.
 
Is this specific to iOS 8 or iOS for that matter? If not why is this a story?
 
Financially they won't take much of a hit (although AAPL is kind of a separate thing). But what's more valuable than Apple's pile of cash? Their brand. And that is taking a pretty good beating in recent weeks, from the leaked iCloud accounts, the botched keynote video live stream, Tim Cook's awkward moment with Bono that makes them look old and uncool even to old people, the free U2 album download that no one wanted forced on them, the horrendous iPhone 6 preorder fiasco, various iPhone 6 issues, many annoying iOS 8.0 issues (including all HealthKit apps getting pulled from the App Store), to todays botched 8.0.1 "fix" that disables the primary communication stream of iPhones. I mean they will get through it, but it's been kind of rough.

Lets be honest.. most people will never hear about any of that stuff. At all. The iPhone preorder thing is the biggest one, and that'll only make people rush to order faster next year.
 
nothing to see here ....

I assume every mobile browser in every mobile OS does the same thing, this is not peculiar to iOS only. I've created Windows Phone apps before and you can inspect the DOM of the browser plugin and you must be able to inject code into page that read key presses.

HOWEVER...

That's the reason why every app is vetted by Apple and has a review process and can be killed remotely. They have your bank details and other types of information on you when you create an app so tracing someone doing something malicious should be pretty straightforward.

So everyone who complained about the "walled garden" can now understand one of the major reasons its there. Windows OS in the 90's used to be a wild west of viruses and piracy simply because there was no way to police the thing. Thats what eventually pissed everyone off about Windows. We kind of need the policing out here cos people just abuse everything at the end of the day.
 
It's just becoming surreal, isn't it.

I just met someone, a young, normal person, who has never had a cell phone, and gets along just fine the way we all used to not all that long ago. I don't think I can go that far. Yet. But I'm feeling like maybe that should be a goal. I'm at least going to try shutting the damn thing off for a while and maybe just using it for emergencies.
 
this would be a problem on any phone not just a ios device.

Phone? It would be a problem on any computer... It's also the problem with any note taking app, what if you take a note on some private info? You never know if it's sending your note to IgotYourNotes.com...

He's right, but it's not much different than trusting any 3rd party app where you enter any kind of info.
 
:eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek: :eek:
 

Attachments

  • OHCRAP.jpg
    OHCRAP.jpg
    105.5 KB · Views: 95
And the good news just keeps on coming. I have a feeling Tim Cook will be drinking heavily this weekend.

Tell me about it, so far today I've read about:

iPhone 6 having major camera issues.
http://venturebeat.com/2014/09/24/iphone-6-has-serious-camera-problems-say-toms-hardware-testers/

More Bendgate
http://news.yahoo.com/depth-examination-bending-iphone-6-plus-174538641.html

iOS 8.0.1 issues
http://techcrunch.com/2014/09/24/ap...healthkit-apps-can-now-come-to-the-app-store/


What's next?
 
Curious about this as well. I use 1Password for password storage only. I have never used the in-app browser. Never liked that.

How can anyone trust Agile to store the passwords but not the in-app browser? If Agile wants your passwords, it certainly doesn't have to grab them via the browser.
 
It's quite simple. Use a browser made by Google for sensitive data. Don't use one made by John Nobody for that kind of stuff.

Kinda sad you had to ask actually.

(Brilliant how your username contains "John")

For many people, the share size of google seems to makes it less worthy of their trust. The fact that google's users are it's product is a big part of the issue.
However there doesn't seem to be a real alternative. Google is a verb.
Same trust issues with facebook.
 
Last edited:
Is this specific to iOS 8 or iOS for that matter? If not why is this a story?

It's not specific to anything. (Well, every Internet device with apps.)

May as well have a story: Buy an iPhone, Lose Your Life Savings! iPhone 6 Allows Users to Receive Scams by Email... just like every other way of getting at your email.

Whatever sells clicks and ad-views....

I do think it's a topic worth being aware of, on any platform--but not one of any specific current relevance. (I also think if anyone can tackle it well, it's Apple, and I hope they can.)
 
I use 1Password, which has an in-app browser. Kind of ironic, really...

Keep in mind the very core of this.

but he is quick to point out that it is not a bug, as the techniques demonstrated in the video can be used for "good as well as evil."

We do not grab any information from the web browser at this time. Though in the future we may try to implement similar features as our desktop version allowing something like AutoSave functionality. At that point we would be getting the data in the webpage so as to save the data for you.

If we were to ever use features like Craig mentions it would only be for good.

Curious about this as well. I use 1Password for password storage only. I have never used the in-app browser. Never liked that.

As mentioned above, we do not gather any data about the pages you're visiting. That would be a breach of trust.

What we could do is use this or similar technology as our desktop browser extension to help save new usernames/passwords but if we did that it would be something you could turn on or off at your discretion.

How can anyone trust Agile to store the passwords but not the in-app browser? If Agile wants your passwords, it certainly doesn't have to grab them via the browser.

:)

I like the way you think. But, given what I've mentioned above, we don't currently do any gathering of data from the built in web browser. If we did it would only be to allow AutoSave type of functionality and would be an optional feature.

All we've ever wanted to do was help people be secure and we wouldn't breach the trust that our users have for us.
 
Is this specific to iOS 8 or iOS for that matter? If not why is this a story?

From my understanding, it is neither specific to iOS 8 or iOS at all. The same attack could be done on Android FWIW.
 
It's just becoming surreal, isn't it.

I just met someone, a young, normal person, who has never had a cell phone, and gets along just fine the way we all used to not all that long ago. I don't think I can go that far. Yet. But I'm feeling like maybe that should be a goal. I'm at least going to try shutting the damn thing off for a while and maybe just using it for emergencies.

A big part of the problem would be the looks people give you when you have to remind them you can't "text me".

----------

As opposed to who? Why don't you tell us our alternatives?

That's what I thought.

How's duckduckgo?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.