Franklin Heath Ltd

Master Your Information Assets

Archive for the ‘Applications’ Category

Enigma Simulator: Live Demo & Lessons Learned

Posted by Craig H on 3 April 2012

I was privileged to present our Enigma simulator app at the Mobile Monday London Demo Night last night; it was pretty nerve-racking, doing a live demo in front of a vocal crowd of 200 knowledgeable people with a strict time limit of 3 minutes, but happily the response was enthusiastic and positive!

Apart from giving everyone a quick lesson in how to use an Enigma machine, the main aim was to share the progress so far of our experiment, using in-app advertising and in-app billing for charity fund-raising. This chart shows the numbers of downloads in the few weeks following the app’s release on Google Play (green line) and the revenue breakdown between adverts (dark blue) and donations (light blue):

Posted in Applications, Enigma

Our First App Published: Enigma Simulator

Posted by Craig H on 4 February 2012

This started when I was asked to do some prototyping work on Android by a client last November; I hadn’t done any programming on Android before, but I was familiar with Java from my time working on Enhydra Enterprise at Lutris Technologies. When I joined Lutris in 2000 I was new to Java (after 15 or so years working with C on UNIX™) so I wrote an Enigma simulator in Java as a learning project (it was related to security, a good way of getting to grips with object orientation, and fun!). I hadn’t used the code in over 10 years since, but I dusted it off and got it running on Android to get familiar with the new environment.

Having spent a couple of days on it, I had it running with a rudimentary UI and was familiar enough with the Android SDK to put the Enigma project aside and concentrate on the paid work, but I did still wonder if something useful could be done with the code. Back when I first wrote the logic of the simulator, there was a real Enigma machine out on a table at Bletchley Park that you could physically use and experience what the real operators in World War II had to do. These days, with auction prices of the machines topping $200,000, they’re all locked away behind glass. Given the touch UI of Android, it occurred to me that a good enough simulation could be a useful educational tool, perhaps put alongside museum displays on a tablet computer to give people something of the real feel of the machine.

Posted in Applications, Enigma, Payment

Smartphone Apps, Cryptography and Export Controls

Posted by Craig H on 15 January 2012

You can’t work in software product security for as long as I have and not learn something about export controls, like it or not! Historically, many governments regarded encryption as military technology and defined and controlled it as such in their regulations. These days, pretty much anyone who uses the Internet or a mobile phone (and that’s more than 2/3 of the world’s entire population) uses encryption every day, for shopping on the web, logging in to social networks, or simply to call their friends. Nevertheless, export control regulations for encryption are still on the statute books of most countries around the world, and could still be enforced. The UK records of export control prosecutions and fines don’t include any relating to encryption technology in recent years; I would be interested to know if there have been any elsewhere.

Although I have sat in many export control meetings with lawyers over the last twenty-some years, I have to point out that I am not a lawyer, and this is not legal advice. I just thought it might interest others if I share my thinking on the current regimes of export controls, as I’m now in the situation of needing to consider it (again) as we want to publish an Android app that contains cryptographic technology (a simulation of a World War II Enigma machine, more on this soon…)

The main things I’ve learned about export controls on cryptography are that common sense often doesn’t apply and nothing is ever simple.

Posted in Applications, Cryptography, Enigma, Export Control

The Symbian Signed Story, Part 4

Posted by Craig H on 2 July 2010

It really is time that I brought my very occasional series of posts on the history of Symbian Signed up to date. We have some future changes in the pipeline that we are hoping will make things still less of a burden for developers, and I think it’s helpful to put that in the context of what has gone before (a 6 year history of incremental improvements).

In the last instalment, I had got up to 2006, when the first phones with platform security started shipping. This was a major turning point in the perception of Symbian Signed, as before then it was an optional thing for developers, but afterwards it was a requirement for access to the more security-sensitive APIs on the platform. I’ve already explained (I hope!) why that was necessary, but it did mean that some developers who would really rather not care about security now were forced to, and started to complain very loudly about it.

Posted in Applications

Freeware Application Testing Idea

Posted by Craig H on 1 April 2010

We know that there is a lot of inconvenience associated with distributing free (as in beer) applications for the Symbian platform at the moment – either the developer has to pay to get it Symbian Signed or every user has to sign the application for their own phone using Open Signed Online.

I am suggesting that the Symbian Foundation should host a beta test site for free applications. Developers and volunteer testers would be able to sign up to the site with just an email address and an IMEI, and then they could upload any application they like, and download any application they like. On download, the application would automatically go through Open Signed Online and be signed for that user’s specified IMEI.

Posted in Applications, Malware, Risks

Health Apps on Phones?

Posted by Craig H on 8 February 2010

This post is about trustworthiness (security in a broad sense) and specifically about reliability.

I see increasingly frequent suggestions that people should use their phones to monitor their health. This is, on the face of it, attractive; being an insulin-dependent diabetic, I carry a blood glucose meter with me pretty much everywhere, and in line with the general trend of convergence (calculator, camera, music player, radio, etc.) wouldn’t it be great if that was built in to my phone?

Well yes, that would be very convenient, but I’m afraid I think it’s a fundamentally bad idea.

Posted in Applications, Risks

Apps for the Paranoid Needed?

Posted by Craig H on 4 January 2010

I can’t let Karsten Nohl’s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.

That said, there is an interesting point made, almost in passing, in the presentation.

Posted in Applications, Network Protocols, Privacy

The Symbian Signed Story, Part 3

Posted by Craig H on 8 June 2009

Previously on The Symbian Signed Story:

  • Symbian Signed costs reduced by open market for services
    Developers could choose between 3 test houses and 2 certificate authorities

And now, introducing platform security…

Posted in Applications

Nokia Ovi Store Content Guidelines?

Posted by Craig H on 27 May 2009

eWeek published an article yesterday quoting an unnamed “Nokia spokesperson” describing Nokia’s criteria for accepting applications into the newly launched Ovi Store:

“Every publisher is passed through a review process prior to their content proceeding through the system. Once they have been approved, a developer’s content passes through a moderation process which looks at each content item and evaluates it against our content guidelines. After each content item passes the moderation step it proceeds through our quality assurance process which runs a set of test cases on the targeted devices according to the content type.”

It’s also stated that applications must go through Symbian Signed Express Signed before being submitted.

Posted in Applications

The Symbian Signed Story, Part 2

Posted by Craig H on 26 May 2009

Previously on The Symbian Signed Story:

  • Public launch on 18th May 2004
    A quality mark to replace “Nokia OK” and other manufacturer certifications
  • Self-supporting (neither subsidised nor profit-making)
    Fees for signing go to third-party Certificate Authority, fees for testing go to third-party test house
  • Security was not a primary goal
    Symbian OS didn’t have platform security until 2 years later

The next phase in the evolution of Symbian Signed focused on reducing the cost to developers of getting their apps certified. As we have noted, the fees paid by developers were divided between fees for signing (mainly for issuing publisher certificates) going to VeriSign and fees for testing going to Capgemini. Symbian therefore resolved to bring the benefits of an open market for signing and testing services to bear.

Posted in Applications