roamTouch GestureKit

September 16th, 2014

roamtouch.pngI have been following roamTouch for a long while now. Their latest incarnation is GestureKit a cross-platform tool to create and use gestures in apps. They currently have a new Indiegogo crowdfunding campaign to fund further development.


The proliferation of apps, devices and types of device increasing need new ways to control them more easily. GestureKit extends and adapts the popular swipe metaphor to help people cut through complex UIs and do things with the minimum of steps. 

The Future of Apple Pay and NFC

September 15th, 2014

apple.gifI have been analysing Apple Pay to determine if it’s likely to accelerate mobile payment in general and the use of NFC. FirstPartner have an explanation how Apple Pay Works and Penrillian explain how the market isn’t open yet.

The initial implementation is US only, supports only 1.5% of US merchants, relies on the unpopular Apple Passbook and will only work on newer devices containing NFC. Hence, in the short term it won’t be used by many people. More importantly, the implementation is currently closed in that it only allows NFC payments via Apple. It isn’t possible for third parties to use NFC to build more universal, ubiquitous payment solutions. While the essential building blocks for ‘universal’ NFC-based systems across Android/iOS will soon be in place, such systems are blocked by Apple’s strategies.

NFC isn’t just about payment. It can be used in security, authentication, stock control and a myriad of contextual triggering apps, many in the growing realm of the Internet of Things (IoT). All these possibilities of using NFC are closed on iOS for now. However, I suspect that as with apps, when initially Apple said there would be no native apps and only web apps, they will have to open things up. A universal payments system is too compelling and it’s incomprehensible that Apple will stay closed in this area for so little apparent gain. The Internet of Things needs NFC as well as Bluetooth LE (iBeacons). I believe Apple will see themselves under increasing pressure from many directions to open up the NFC APIs.

Update: Adam Cohen-Rose has pointed me to an interesting article by Clover that describes how the network-side token system was proposed/implemented by the payment networks (Mastercard, Visa). There’s no reason why this couldn’t be, and probably will be, implemented on say Android. This suggests a ‘universal’ system might be viable provided it uses a similar network-side token system.

Update: In an email to Cult of Mac, an Apple spokeswoman confirmed that NFC chip on the iPhone 6 and 6 Plus is only for use with Apple Pay. Like Touch ID on the iPhone 5s, Apple is keeping its NFC restricted from developers, at least for its first year.

Update: Mark Ranta asks Where’s the Beef? and hopes Apple Pay is just the first (baby) step.

Update: Teardown shows NFC chip is from NXP.

Update: Why Apple Pay Won’t Work.  

Related Articles:

Comprehensive Mobile Device Usage Report (and data)

September 11th, 2014
scientiamobile.pngScientiamobile has a MOVR report for April to July 2014. It’s a free report (pdf) based on WURFL and WIT usage data. It gives information on smartphone and tablet use across manufacturers, devices, operating systems, screens size and countries. 

The report covers only a small subset of the raw data that’s also available as csv and JSON data. The data is useful if you wish to analyse usage in a specific country or for a class of devices.

Emerging vs Mature Market Smartphone Growth

August 29th, 2014

idc.gifI have often mentioned how smartphone growth is mainly in emerging markets. Well, now we have information from IDC that puts some numbers on current and forecasted smartphone growth…


I am amused with the way IDC classifies very low end Android devices as "borderline junk" - something that Google is hoping to change with Android One. However, I suspect Android One is as much about keeping control of the platform and discouraging forks of Android as it is about improving low end hardware standards.

Related Articles:

Shuttle Mini Android PC

August 28th, 2014
shuttle.pngShuttle, the Mini PC maker has a new ARM-based Android PC. It runs Android 4.2.2 on a ARM Cortex-A9 Freescale i.MX 6 DualLite processor with two 1GHz cores and uses only 4-watts when in idle.



Shuttle are under-selling it as a ‘digital signage player’ when in fact it’s suitable for a large range of projects. Specification (PDF).

Related Articles:

Android Growth

August 27th, 2014

idc.gifIDC has a great chart and table that shows how Android smartphone shipments have increased over time. You can also see how iOS shipments oscillate as new devices become available…


Will Android continue to increase in market share? At the moment the only threat is that Chinese OEMs are outpacing the market coupled with the news that China is developing its own desktop and mobile OS. As a result, the growth of China-supplied Android devices for use in China might subside sooner than expected.

Related Articles:

Mitigating Tap Jacking

August 26th, 2014

usenix.pngYou might have heard very recent press saying it’s possible to hack into apps such as GMail. The source of this is a presentation from the 23rd USENIX Security Symposium on Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks.

While the use of shared memory to discover app use is novel, the use of overlaid windows isn’t new and is known as tap jacking. You can learn more and discover mitigation techniques on my security site.

Related Articles:

Listening in on Android Apps

August 21st, 2014

fireeye.pngFireEye has a new post on Android man in the middle (MITM) vulnerabilities on Android. While it covers Android, the coding flaws are just as applicable to iOS. FireEye found that 68% of 1000 most downloaded apps had one of three SSL vulnerabilities. For the avoidance of doubt, these are vulnerabilities introduced through app coding, not vulnerabilities in the Android OS. FireEye also found that of a random sample of 10,000 free apps, 40% used trust managers that didn’t check server certificates.


Even if you have coded your own app correctly, there’s the possibility that an included library has a vulnerability. For example, Flurry, up to v3.4, had such a vulnerability.

If you need further guidance, take a look at my security site:

There’s also a follow up FireEye article on why these issues are also applicable to enterprises, even when they are using a mobile device management (MDM) solution that silos apps.

Related Articles: