Apps Archives ⋆ Page 132 of 256 ⋆ Mobile Commerce Press

Category: Apps

Huge mobile security vulnerability may exist in iOS apps

Julie Campbell | April 27, 2015

1,500 applications could be open to hackers as a result of outdated code that they continue to contain.

Analytics company, SourceDNA, has identified a mobile security bug that likely still exists in about 1,500 apps that could open up these iOS App Store applications to “man in the middle” attacks.

The problem exists in the way that the iOS apps create secure connections with servers.

The reason is that this connection that is established has a bug in it. This means that a mobile security exists in that anyone who intercepts the data being transmitted from an iPhone or iPad would be able to access the login names, passwords, and a number of other forms of private information that could be sent by way of the HTTPS protocol. When SourceDNA discovered the bug, it reported that among the companies that have kept the outdated code in at least one of their iOS apps were: Microsoft, Yahoo, Uber, and Citrix. This means that millions of Apple device users could have their privacy threatened if the wrong person should choose to attack.

This type of mobile security threat makes it possible for an attacker to take hold of data on the device.

Mobile Security - iOS Apps This is because attacks through a “man in the middle” vulnerability opens the device up to a fake WiFi hotspot in order to be able to intercept data contained in devices that have connected to it. Typically, this sort of attack, which are also frequently called “coffee shop hacks”, isn’t possible because those artificial hotspots don’t have adequate security certificates. However, the bug that has been found in the iOS apps has stopped those applications for properly checking for those certificates.

The origin of the bug was in the AFNetworking open-source networking code which has been used in the development of thousands of different apps in order to allow them to connect to servers. The code’s 2.5.1 version was originally introduced in January and it had the bug within it which allowed the connections to occur without checking for HTTPS mobile security certificates. There has since been a corrected 2.5.2 code introduced, but there remain about 1,500 apps at the iOS App Store that have yet to update.

Lush finally makes it into m-commerce with a shopping app

Denny | April 24, 2015

The handmade cosmetics retailer has been a holdout until now but has finally created a scent and mood application.

Cosmetics retailer, Lush, which is best known for its handmade products, has finally taken its very first steps into the m-commerce sphere with the launch of a new mobile app for iOS devices that gives shoppers the ability to browse through its items based on their mood or a fragrance they like.

The design of the app was meant to focus on the sensory experience of their various retail offerings.

The m-commerce app gives users the chance to search and browse through categories based on a number of different factors, including the scent, feel, and mood of a given product. Each of the products is then displayed in styles and colors that are detailed and rich. Next to the name of each product on its individual description page is a complete list of all of the ingredients that it contains, as well as high resolution videos and pictures.

In order to create the m-commerce app, Lush worked alongside the ustwo digital product studio.

m-commerce - shopping app The digital product owner at Lush, Adam Goswell, explained that “Working in such close collaboration with ustwo gave us the opportunity to create something really great together, that benefits from ustwo’s experience in delivering great mobile experiences coupled with the brand knowledge and design/creative input from Lush – it made for a formidable team.”

The lead designer at ustwo, Dev Morgan added that it was challenging to be able to organize such a vast selection of varied content for the mobile commerce channel. They, therefore, used native code processing power in order to “incorporate cues from the current website,” so that it became possible for them to be able to accomplish and display a great deal more.

Goswell and Morgan will be looking to broaden the m-commerce app across the international markets at Lush over the next twelve months, but both companies have expressed their happiness and excitement over their first foray into the mobile marketplace. The cosmetics retailer may have taken its time in stepping into the smartphone based shopping ecosystem, but now that they have done it, they have made certain to do it in a way that reflects their brand.