• Ga chevron_right

    The Inside Story Of iBeer, The Underdog iPhone Beer App That Made Millions

    Danie van der Merwe · / gadgeteerza-tech-blog · 2 days ago - 12:05

The work of a down-and-out magician, nothing was bigger during the App Store's first year of existence. But like so many overnight successes, iBeer got drunk on money and power and last call arrived far too soon.

I remember buying this app for the same reasons as everyone else, before the Android phone was even available. For some reason, when I switched to Android, I really missed this app as well as the iOS Barbecue app (will have a separate post on that story). Similar beer apps made it to Android fairly soon, but the Barbecue app never did.


#technology #ios #iphone #mobile

  • Nu chevron_right

    iPhone sous iOS 14 : non, Apple n’a pas trahi sa promesse sur les mises à jour de sécurité / Numerama · 3 days ago - 14:53

Au lancement d'iOS 15, Apple avait laissé entendre qu'il continuerait de mettre à jour iOS 14 régulièrement… ce qu'il ne semble déjà plus faire. Certains sites s'en agacent, mais se trompent peut-être de cible. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité

  • Ar chevron_right

    Safari and iOS users: Your browsing activity is being leaked in real time / ArsTechnica · 5 days ago - 18:14

Safari and iOS users: Your browsing activity is being leaked in real time

Enlarge (credit: Getty Images)

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say,—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

Read 9 remaining paragraphs | Comments

  • Sp chevron_right

    Let's talk List-Unsubscribe! / spam_resource · 5 days ago - 13:00 · 3 minutes


I was talking to friends running an ESP platform the other day, helping them understand the difference between the available types of list unsubscribe support, what does it mean and how does it work. Might you find that interesting as well? Let's see.

List-unsubscribe: What is it? It's a hidden email header. Originally specified in RFC 2369 , the goal was to provide a hook that email clients could hook into, to display an unsubscribe option to subscribers in a way and place that was easy to find and common from message to message. I can't speak for the creators, but I imagine the goal is to make it easy for subscribers to unsubscribe, so that they don't turn to clicking the "report spam" button instead, out of frustration. TL;DR? Standardized method for declaring what an unsub button should do.

It's been around a while (the spec is dated 1998) but Gmail was the big adopter, rewarding good senders by displaying an unsub link in the Gmail UI, if the header was present. (Gmail actually sometimes displays the link even with no header present, for some big brands, to help drive display of the link more often. So if you see an "Unsubscribe" link in the Gmail UI, but there's no list-unsub header, that's why.) Sendgrid's got a good overview of the basics , and I published my own FAQ about this back in 2016 .

And then along came Apple's iOS 10, where they added (email based) support for list-unsub as well .

And as I've said before, distilling down guidance from Laura Atkins to just the TL;DR -- if you send marketing mail or if you're building a platform to serve up marketing mail, you NEED list unsubscribe support. The sending reputation of the customers sending from that platform are going to suffer without it.

That's the history. Now let's jump forward to today. There's a new-and-improved version of the standard outlined in RFC 8058 called "Signaling One-Click Functionality for List Email Headers" or what I tend to simply call "list unsubscribe post" because of what happens behind the scenes when the unsub button is pushed. The webmail makes a "POST" call back to the sending platform to pass the unsubscribe request. In theory, bots and security scanners won't make a POST request, preventing "false positive" unwanted unubscribes.

Tony Patti from Sparkpost put together a great overview (and a chart) in 2020 showing which ISPs support which method. It's something you should bookmark and use as your guide when building list-unsub and list-unsub post support into your sending platform. The one thing I'd update from that post is that I'm observing Microsoft's sending a list-unsubscribe POST response, but I think it might be malformed. It seemed to do it even when no list-unsubscribe-post header was present, and I'd recommend testing to make sure you can properly capture these unsubs requests.

It's clear to me that list-unsub-post is the future of embedded unsub functionality, but I don't think it's safe to implement it without also implementing the mailto: version, otherwise you'll lose the opportunity to receive opt-outs from Apple Mail users.

And finally, don't fear the unsubscribe. Chad White explained for the Litmus blog back in 2016 why List-Unsubscribe Concerns Are Overblown , and that guidance is still solid. Subscribers come and subscribers go. You ARE going to lose subscribers over time; they can't be locked down in any practical way -- trying to do so will only cause harm to a sender's reputation. Don't forget that list growth needs to be part of your marketing strategy. It's not simply that you "build a list" once and then you're done.

Značky: #ios, #wttw, #list-unsubscribe, #gmail, #Network

  • Nu chevron_right

    Fortnite revient sur iOS, mais pas comme vous l’espériez / Numerama · Friday, 14 January - 11:45

GeForce Now va offrir un accès à Fortnite sur iOS, grâce au cloud gaming. À condition d'être client de l'offre. [Lire la suite]

Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité

  • Jo chevron_right

    Fortnite est enfin de retour sur iOS… grâce à Nvidia / JournalDuGeek · Friday, 14 January - 10:30

template-jdg-2021-09-30t140239-794-158x105.jpgFortnite Playstation cup

Alors qu'Apple n'a toujours pas prévu de réhabiliter Fortnite sur son App Store, le battle royale à succès d'Epic Games va s'offrir un retour inespéré grâce à Nvidia.

Fortnite est enfin de retour sur iOS… grâce à Nvidia

  • Sc chevron_right

    Faking an iPhone Reboot / Schneier · Tuesday, 11 January - 16:20 · 1 minute

Researchers have figured how how to intercept and fake an iPhone reboot:

We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a “fake shutdown.” There is no user-interface or any button feedback until the user turns the phone back “on.”

It’s a complicated hack, but it works.

Uses are obvious :

Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.

However, this technique hooks the shutdown and reboot routines to prevent them from ever happening, allowing malware to achieve persistence as the device is never actually turned off.

I see this as another manifestation of the security problems that stem from all controls becoming software controls. Back when the physical buttons actually did things — like turn the power, the Wi-Fi, or the camera on and off — you could actually know that something was on or off. Now that software controls those functions, you can never be sure.

  • Nu chevron_right

    Bulle bleue ou bulle verte ? Google accuse Apple d’intimider ses utilisateurs / Numerama · Tuesday, 11 January - 14:29

Sur Twitter, le vice-président de Google en charge d'Android multiplie les attaques contre Apple. Selon lui, Apple empêche l'industrie de progresser pour favoriser ses iMessage. Qu'en est-il vraiment ? [Lire la suite]

Voitures, vélos, scooters... : la mobilité de demain se lit sur Vroom !