Why Locking Your iPhone Won’t Keep Your Data Safe Anymore

Locking your iPhone won’t keep mobile thieves from accessing your contacts and personal data… at least for now.

Apple is working quickly on a fix for a newly discovered, simple trick in iOS 6.1 that allows anyone to bypass your phone’s lock screen. According to Ricardo Bilton of The Verge:

“iOS 6.1 didn’t just open up the door for jailbreakers – it made life easier for iPhone thieves as well.

Via a frighteningly simple trick in iOS 6.1, thieves and other wrongdoers can bypass the iPhone’s lock screen, giving them access to contacts, voicemail, and even photos. The process, which you can see in the video below, takes only a few seconds and shouldn’t be hard for anyone with two hands to pull off.

The bug is almost identical to a similar one that appeared in iOS 4.1 back in 2010. In that bug, iPhone owners were able to bypass their phones’ lockscreens by calling a random emergency number then quickly hitting the hardware lock button twice.

The iOS 6.1 bug is at least the second one in iOS that’s made news in recent days. In another glitch, problems between iOS and Microsoft Exchange Server have created big headaches for iCal users.”

When it comes to security, it’s clear that testing must be continuous. Hackers are always coming up with new ways to break into software and devices, and this iOS 6.1 bug is a good example of that. Hopefully Apple will be able to come up with a quick fix for this rather worrisome lock screen bug.

 


Be Sure a Mobile App Update Doesn’t Disrupt Users

Daniel Knott over at Adventures in QA always has great testing advice. One of his most recent posts discusses the importance of testing to ensure updating an app won’t disrupt your users. We’re not talking about testing the latest version to make sure it’s not buggy, we’re talking about the actual updating process – what happens on your users’ device when they hit that little “install update” button. Daniel highlights three key factors that should be tested for:

  • The update will not log out users if they are logged in on the old version
  • The update will not affect any existing data (e.g. existing data will not be deleted or modified)
  • The update will install correctly

Daniel details how to test updates on iOS (using iTunes or the iPhone Configuration Utility) and Android (using adb) – you can see a step by step guide for each technique by visiting the Adventures in QA post. An important part of these tests is to not delete the existing app from your testing device – you’re not testing a straight install, you’re testing that updating an existing app on a user’s device will go smoothly. Once you go through the actual update installation procedure, manually poke around the app to be sure nothing unusual happened. Specifically, you want to be sure all the settings, inputs and data you had in the original app are still in place after the update is complete. If you can, run the test once while you’re already logged into the (old) app and once while you are logged out.

People are bad about updating, so it is highly likely that some users won’t be updating from the most recent version of the app. If possible, run update testing on several previous versions of the app (going back an additional two or three versions is probably safest). This can be a hard testing requirement to meet but practices like in-the-wild testing can help you fill the gaps.
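As an added example (not taken from the Adventures in QA post), the Android side of this procedure can be scripted: install an old build, plant a marker file in the app's private data, update in place with `adb install -r`, then confirm the new version is installed and the marker survived, repeating for several previous versions. The package name, marker path and APK file names are hypothetical, and `run-as` assumes a debuggable build.

```shell
#!/bin/sh
# Added example: update-path test over adb. PKG, MARKER and the APK file names
# are hypothetical; run-as only works on debuggable builds.
PKG="${PKG:-com.example.app}"
MARKER="files/update_test_marker"   # stands in for user data / a saved session

installed_version() {
    # versionName of the installed package, empty if it is not installed
    adb shell dumpsys package "$PKG" |
        sed -n 's/^[[:space:]]*versionName=//p' | head -n 1 | tr -d '\r'
}

seed_marker() {
    # write a token into the app's private data directory before the update
    adb shell "run-as $PKG sh -c 'mkdir -p files && echo $1 > $MARKER'"
}

read_marker() {
    adb shell "run-as $PKG cat $MARKER" 2>/dev/null | tr -d '\r'
}

test_update() {
    # usage: test_update OLD_APK NEW_APK EXPECTED_NEW_VERSION
    old_apk=$1 new_apk=$2 expect_new=$3
    # start from a known state; this wipes the app's data on the test device
    adb uninstall "$PKG" >/dev/null 2>&1 || true
    adb install "$old_apk" >/dev/null || { echo "FAIL: old version did not install"; return 1; }
    token="seed-$$"
    seed_marker "$token" || { echo "FAIL: could not seed data"; return 1; }
    # -r replaces the installed app and keeps its data, like a store update
    adb install -r "$new_apk" >/dev/null || { echo "FAIL: update did not install"; return 1; }
    [ "$(installed_version)" = "$expect_new" ] || { echo "FAIL: wrong version after update"; return 1; }
    [ "$(read_marker)" = "$token" ] || { echo "FAIL: existing data lost or changed"; return 1; }
    echo "PASS"
}

run_matrix() {
    # usage: run_matrix NEW_APK EXPECTED_NEW_VERSION OLD_APK...
    new=$1 want=$2; shift 2
    failures=0
    for old in "$@"; do
        printf '%s -> %s: ' "$old" "$new"
        test_update "$old" "$new" "$want" || failures=$((failures + 1))
    done
    return "$failures"
}

# e.g. sh update_test.sh --run app-3.0.apk 3.0 app-2.2.apk app-2.1.apk app-2.0.apk
if [ "${1:-}" = "--run" ]; then shift; run_matrix "$@"; fi
```

The marker file only proves that private app data survives the update; settings, inputs and login state still need the manual check described above.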

Update testing should be part of your normal mobile application testing every time you create a new version of an existing app. After all, an awesome new version isn’t going to be much use if it doesn’t update correctly for your loyal users (and a bad update can even drive users away). When all the testing is done and a new version is released, keep an eye on post-launch app analytics to make sure users are happy with the latest release (and if they’re not, see exactly what they don’t like from version to version).

Making Sense of the Buzz Around Mobile

Going mobile-first, improving the mobile experience, making mobile acquisitions; we know… your head is spinning. As usual, every tech news site today has a slew of stories about the enterprise push toward mobile – with Facebook and Yahoo at the top of the list.

But don’t overlook this press buzz. All of these announcements show just how vigorously every major enterprise is pushing to master its mobile presence.

At the beginning of the winter we spoke with Maribel Lopez of mobile market research and analyst firm, Lopez Research, on mobile’s effect on businesses’ bottom line. As Lopez said, “Mobile is another Internet channel, so not being a part of it puts you noticeably absent from the commerce sphere.” Lopez is spot on; if your business doesn’t have a quality mobile app, or any mobile app at that, you’re missing out on a massive opportunity.

Nearly all big brands and even startups have come to realize this, so much so that even once web-only brands have abandoned PC efforts altogether. According to Ina Fried of AllThingsD:

“For much of its timeline, mobile has been an afterthought for Facebook. Last year, the company aimed to move to be more of a “mobile first” company.

In 2013, the company’s goal is to create services and features that aren’t even possible on a PC.

‘So many things are unlocked on mobile,’ said Dan Rose, Facebook VP of partnerships, speaking at our D: Dive Into Media conference. ‘You don’t bring your computer to a restaurant or a party.’ But it’s those places, Rose said, where people really want to share.”

In 2013 Facebook’s acquisitions will even focus on mobile, according to Lauren Indvik of Mashable. The folks at Yahoo have put their effort behind mobile acquisitions, as well. According to Mike Isaac, also from AllThingsD:

“Alike, a mobile app that helps users discover nearby venues and places to visit based on their interests, was acquired by Yahoo on Tuesday.

‘We believe that distilled information, deeply personalized and made accessible anytime and anywhere, is what makes mobile experiences a part of our customers’ daily lives,’ the Alike website posted to its blog.”

Isaac adds that the app is focused on an area where companies like Facebook, Google, Foursquare, Yelp, and many others are dabbling now: mobile-based location discovery.

It might seem repetitive, but these are trends no developer or business owner can ignore. Keeping an eye on the mobile strategies these big brands come up with – and how they turn out – can give you an idea of the kind of mobile strategy your business should work towards.

European iPhone Owners Warned Against iOS 6.1

iPhone owners in Europe are discovering that newer is not always better when it comes to mobile operating systems. Today we learn that carriers Vodafone and 3 are warning iPhone 4S users against updating to iOS 6.1. Why? Because of problems with 3G connectivity. First world problems, to be sure, but a problem nonetheless.

Here’s VentureBeat with the story:

The iOS 6.1 update was issued in late January and offered new features like the ability to buy movie tickets from within Siri. But many iPhone owners also noted that it has led to excessive battery usage, in addition to the networking issues Vodafone UK and 3 Austria pointed out. Apple will likely fix the issues in its next update, iOS 6.1.1, which is currently in beta testing with developers.

It’s not unusual for carriers to warn their customers about specific upgrades if they have issues with their cellular networks. I haven’t seen as many reports about iOS 6.1 causing issues on U.S. carriers — for the most part, iPhone owners in the U.S. have been complaining about the battery hit from the update.

Here is Vodafone’s official statement:

We’re aware of an issue caused by Apple iPhone 4S handsets that have been upgraded to iOS 6.1 which impacts performance on 3G. Some customers may occasionally experience difficulty in connecting to the network to make or receive calls or texts or to connect to the internet.

Apple is working on a solution to their software issue. These connection problems are intermittent. While Apple’s investigations continue, we would recommend that anyone who has not yet installed iOS 6.1 on their iPhone 4S should delay doing so until Apple has confirmed that the problem has been fixed.

North America Dominates Mobile Data Usage

Smartphones, tablets and other mobile devices are still working their way around the globe, but in countries with heavy smartphone proliferation mobile data usage is the number we need to keep an eye on. According to Cisco Systems’ Visual Networking Index of mobile traffic, mobile data consumption has more than doubled over the past year. As reported by Gigaom, “the average global mobile user consumed 201 MBs of data a month in 2012, more than doubling the 92 MBs monthly average from 2011.”

When you look at a more detailed breakdown of mobile data use, those numbers get pretty lopsided pretty quickly.

[Chart: Cisco Monthly Mobile Data Usage]

And things will only get more congested:

In total, devices with mobile connections generated 900 petabytes of traffic (a petabyte being 1 million GBs) each month in 2012. And we ain’t seen nothing yet. Cisco is projecting global mobile traffic will grow at compounded annual rate of 66 percent for the next five years, doubling 13 times by 2017. This year, monthly mobile traffic will enter the exabyte era (an exabyte being 1 billion GBs). By 2017 global mobile users will eat up 11.2 EBs each month, according to the VNI.


How to Avoid a Mobile Security Disaster

It’s a burden constantly weighing on anyone involved with app development: is this app invading users’ privacy? Is it secure? Ideally, this is something app developers and business owners would mull over prior to launch. Yet more often than not, it hits hardest post-launch, when angry users vent all over app store reviews and social media.

Security is easy for developers to overlook – and when something goes awry, it is very easy for consumers to point blame. Truly overcoming the immense challenge of mobile security takes a conscious effort from both developers and mobile users. Here’s a look at both ends of the spectrum, and best practices for minimizing mobile security risk:

For Developers:

Collect as little data as possible: Make users aware of the data you are collecting from them, and don’t let any surprises fall through the cracks. Being up front and honest about the data you store reinforces trust between the app and the consumer. With that being said, practice data minimization and collect as little data as possible. Only collect user data that is vital to the app’s functionality. The more of users’ information you request, the more likely they are to drop your app. Not to mention, practicing data minimization mitigates the risk of the information being hacked or misplaced.

Protect the data: Any data you need to store needs to be protected. Business Center Blog’s Lesley Fair, in her “12 tips toward kick-app mobile security”, says “If your app handles personal info, think about protecting or obscuring data — for example, by using encryption.” She also adds that if you have an app that communicates with a server, take appropriate measures to protect that, as well.

Test: Another “kick app” tip is to make someone responsible for security. It is true that there needs to be a dedicated person on the development team handling security, but it’s important to remember that a single person cannot adequately find security vulnerabilities on their own. That dedicated person should find and manage a testing solution with real world white-hat testers that can probe the app for all common vulnerabilities.

For Mobile Users:

Accept those mobile updates: As Raj Sabhlok of Forbes says, “Accept those mobile updates… fast!” Developers are increasingly homing in on improving app security by finding vulnerabilities, patching them and releasing updates. According to Sabhlok, “Vendors are increasingly focused on security in light of recent high-profile breaches. As a result, they are working fast and furious to deliver security updates. Unfortunately, users don’t update their mobile operating systems and applications in a timely manner.”

Password Management: We all know passwords are a no-brainer, but surprisingly it’s a step people often skip. As Sabhlok says, “In fact, implementing a passcode on your device is probably the strongest deterrent to a would-be hacker. Surprisingly, many people omit the easiest and quite possibly the most effective security mechanism there is.”

For mobile users and developers, a good analytics tool for measuring the privacy and stability of an app is Applause. The free tool allows users to search for the app they want to download, and see how other users rate the app in the app stores based on privacy and stability along with many other attributes. For developers, Applause gives them a sense of where their app stacks up and how users feel about their app’s privacy and stability.

 

Facebook to Develop a Location-Tracking App

Reports today say Facebook is developing a mobile app to help you track down your friends. This announcement may not come as a surprise, as Zuckerberg emphasized his plans to bring Facebook to a new ‘mobile-first’ front at the start of this winter.

While the app could help Facebook in several ways, it’s also likely to raise privacy and testing concerns among users. Douglas MacMillan of Bloomberg says:

“Facebook is adding features to help it profit from the surging portion of its more than 1 billion users who access the service via handheld devices. The tracking app could help Facebook sell ads based on users’ whereabouts and daily habits. It may also raise the hackles of consumers and privacy advocates concerned about the company’s handling of personal information.”

Although the mobile app may worry users initially, Facebook knows the importance of security testing, as any company with more than 1 billion users should.

However, as more applications that need multiple users for full functionality launch, the requirements for testing change. An app for location tracking – or other similar means – has to be used between two or more people to work, making it nearly impossible to sufficiently test the app inside the lab. The only way to know if the mobile app is functioning at all, never mind intuitively, is to test among two or more people under real world conditions. As multi-user applications continue to grow in popularity, in-the-wild testing will become an imperative part of development.

App Developers: Keep Your Users Informed (or else)

It’s not the crime, it’s the cover-up. This is usually said of political scandals, but it also applies to mobile app data. In other words, users don’t normally care if an app collects their private data (currently not a crime, by the way). But if an app lies or misleads the user about the data it is collecting, then there’s a problem.

This situation has not been lost on the FTC, who recently released its “Mobile Privacy Disclosure: Building Trust Through Transparency” staff report. Here is Wired with a good explanation of the report, and also what it means for app developers:

The theme of the report is that mobile platform operating system providers (Amazon, Apple, BlackBerry, Google, and Microsoft), app developers, ad networks, and analytic companies need to provide consumers with timely, easy-to-understand disclosures about the data that is collected about them and how the data is utilized.

It appears to build on the September 2012 report “Marketing Your Mobile App: Get it Right From the Start”. Some of the recommendations in the September 2012 report include: build privacy considerations in from the start, honor your privacy promises, collect sensitive information only with consent, and keep user data secure.

The overall theme of this staff report is that the mobile apps industry must do a better job of communicating to its users what data is being collected and how it is being utilized. If mobile apps stakeholders do not move in a timely manner to implement the recommendations in this report more regulation may be required to protect the personal privacy of consumers. The bottom line is that the FTC may closely monitor how stakeholders react to its recommendations to determine if more regulation may be required to protect the digital privacy of users.

While mobile apps offer some great benefits and exciting new ways to interact with others, there are tremendous privacy issues that need to be addressed. Mobile ecosystem gatekeepers and app developers need to work with regulators and lawmakers to protect the personal privacy of mobile app users and to ensure that the industry does not become over-regulated.


Important Mobile App Privacy Recommendations

Last year, California cracked down on mobile apps that didn’t meet the state’s user privacy laws. This January, California Attorney General Kamala Harris put out a document titled “Privacy on the Go: Recommendations for the Mobile Ecosystem” to help mobile app professionals make sure they stay on the right side of the law. Kamala explains at the beginning of the document:

Along with the many wonderful capabilities these apps offer, we remain mindful that the mobile environment also poses uncharted privacy challenges, such as the difficulty of providing consumers with meaningful information about privacy choices on small screens and the many players who may have access to sensitive user information. These are challenges that we must confront and that we must resolve in a way that appropriately protects privacy while not unduly stifling innovation. As Attorney General, I am committed to ensuring that this balance is maintained. …

We are now offering this set of privacy practice recommendations to assist app developers, and others, in considering privacy early in the development process. We have arrived at these recommendations after consulting a broad spectrum of stakeholders: mobile carriers, device manufacturers, operating system developers, app developers, app platform providers, mobile ad networks, security and privacy professionals, technologists, academics, and privacy advocates. We are grateful for their comments and look forward to working with all stakeholders in promoting and adopting these recommendations. It is my hope that our recommendations along with continued private-public collaborations will contribute to improving privacy practices in the mobile marketplace.

The document outlines recommended practices for mobile app developers, platform providers, advertising networks and “others.” As mobile app testers, it’s your job to see how well these parties follow through with the recommendations. While the recommendations are not laws (yet), they are good practices that put user data privacy and security at top of mind, which will help everyone in the long run. Here is some of what you should be looking for when you test an app, based on the California recommendations:

  • Is the personally identifiable data requested reasonably necessary for the app’s functionality as described to users?
  • What permissions is the app asking for? Do they make sense? Can users modify these permissions?
  • Is the privacy policy readily accessible – both before download and from within the app?
  • Does the privacy policy clearly explain why the data is being collected, who will have access to it, how it will be stored and how long it will be kept?
  • Are unusual or especially important practices (such as accessing sensitive information) specifically highlighted?
  • Are users notified about third party access to their data? Are the details (who the third party is, what information they can access, how long and how they will store it, etc) shared?
  • Is the privacy policy presented in easy to read and understandable language?

Those are just a few highlights taken from the report. If you play any role in the mobile app ecosystem you should read the full report. It will give you insights into different phases of a mobile app’s life and what different stakeholders can do to ensure user privacy and mobile app security.

Infographic: Big Apps For The BIG GAME

As we told you yesterday, the folks over at uTest labs launched Applause - a new kind of mobile app analytics tool that helps developers better understand what users like (and don’t like) about their apps. There was a lot of buzz around the product, so there’s a good chance you missed their infographic on apps for the big game. If you did, this post is just for you. Take a look:

[Infographic: Big Apps For The BIG GAME]