Filed under: OS, Software, iPhone
iPhone OS 3.1 anti-phishing works; you just need to set it up properly
Remember hearing that one of the new features of iPhone OS 3.1 was an anti-phishing capability for Safari? Jim Dalrymple over at The Loop wondered if it was working properly, and asked Apple what was going on. The response?"Safari's anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren't any additional data fees," Apple spokesman, Bill Evans, told The Loop. "After updating to iPhone OS 3.1 the user should launch Safari, connect to a Wi-Fi network and charge their iPhone with the screen off. For most users this process should happen automatically when they charge their phone."What this apparently does is allows Safari to completely download the anti-phishing database, which is necessary before the feature will work. It also appears that you'll need to update the database on occasion in the same way -- charge your iPhone with Safari up and the screen off.
As always, TUAW urges you to practice safe computing, so enabling anti-phishing in this odd Apple-approved manner is highly recommended.
[Thanks to LoopInsight.com for digging into this]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
essjay said 3:46PM on 9-12-2009
"For most users this process should happen automatically when they charge their phone."
I don't think most users launch Safari before putting their phone on to charge, so I don't really buy that.
And while we're at it, why are they downloading the database, why don't they just use an online one? After all, they can't use the excuse that they want to protect you even when you don't have a data connection, because if you don't have a data connection you're not going to be able to get to the phishing site.
This just doesn't make sense to me at all.
Reply
Ed said 4:02PM on 9-12-2009
Safari runs even when it's closed, unless some other app desperately needs the resources it's using. As such, most of the time, Safari is running when the phone is on, even if you can't see it. This is how it keeps your pages loaded even when you close and reopen it. This same principle applies to iPod and Mail.
As for why it doesn't use an online one - this is pretty obvious. If it didn't download it, every time you visited a website, it would have to go to another website (google for example) to validate the URL - to check it isn't on the blacklist. This would double the number of web requests, and hence potentially have a big hit on the speed of loading any page. It would also have the side effect where loading any page would depend on google's servers being available - if you were in a corporate firewall for example, or google's servers went down, viewing a page would either be much slower as it tried to access the server or might even fail completely.
Do you now 'buy' it?
Greenie said 4:06PM on 9-12-2009
If I understand correctly, Safari is nearly always running in the background unless you open up enough apps to reclaim that memory from Safari.
MacBookOwner said 4:16PM on 9-12-2009
Nice explanation Ed!
To be fair though, the Apple guy wasn't clear about this. Telling users to "launch Safari" and then leave the phone to be charged makes it seem like the user does in fact have to do something specific, or it won't download the updates. And the "For most users" thing just makes it more confusing, as people will plug in their phones, then see if Safari magically launches visibly, like when they actually select the Safari icon.
Hopefully, as Ed noted, he just means the iPhone will download the updates in the background while being charged/not used.
essjay said 4:26PM on 9-12-2009
Ed, that makes perfect sense, but it's not the way it was described by the Apple rep who certainly makes it seem as if you have to launch Safari first, as pointed out by MacBookOwner.
As for polling a service, the hit would be negligible to say the least. And I don't think anyone would suggest blocking access entirely where the service was unavailable, you would either assume access or go to a fallback. For me, the benefits would outweigh the negatives. For example, always having an up to date list, rather than one that's only as up to date as the last time you charged your phone while connected to a Wi-Fi connection, which for some people may be never.
Ed said 4:47PM on 9-12-2009
It wouldn't be negligible. Latency on the mobile phone network can be significant - in the range of seconds at times. Add on the cost of actually transferring data, and a request to google could easily be 2 seconds extra per page-load. If you also consider that it's perhaps beneficial to check other web page assets (images etc) against the blacklist, this could have a huge impact if every image on a page was checked against the list. Downloading it once negates all those issues.
The reason the apple rep said to open Safari and leave it on when the phone is plugged in is because that's the best way to make sure that Safari is running. He couldn't really say anything else - how else can you make sure that Safari is really running except for the fact that it's visibly open?
The other reason to download a list and check against it is privacy. This way only, you, your ISP/phone company and the website owner know you're visiting. Add in a live list, and the list owner also knows every site you visit. Many people would have an issue with that.
This is what 'real' Safari does, and people seem to care: http://www.guardian.co.uk/technology/blog/2008/nov/25/apple-safari-phishing-security
MRCUR said 9:31AM on 9-13-2009
My issue with how Apple wants this to be done is that I almost never have the phone plugged in and charging. I charge my phone every night, but I turn it off right after plugging it in. I don't want to receive calls or texts throughout the night so I always turn my phone off.
Greenie said 4:08PM on 9-12-2009
Ed beat me...and did a better job explaining. Nice work.
Reply
Dave said 4:16PM on 9-12-2009
How do you know its downloading the information? Is there a way to check to see if it's updated?
Reply
David Frantz said 4:18PM on 9-12-2009
This is all well and good but also rather stupid if you ask me. First up is that I don't have regular access to Wifi (one of the reasons to buy iPhone), especially when charging which often happens at night or in the car.
Second something this important really needs a user instituted option. That is if I'm near a wifi access point there ought to be a way to fire up the download process and to verify that it has completed. Really how does one know if they have a complete blacklist file.
Third something like this needs to have been publicly documented. Of course Apple is likely to be embarrassed by the whole arraignment so that won't happen.
This simply strikes me as Apple at its worst. Here we have an important feature that requires the user to jump through hopes of an unknown sort to even use the feature. It is far to opaque for my tastes.
Dave
Reply
Tired_ said 4:24PM on 9-12-2009
Interesting. So if I want this to work, I'll have to uninstall that plugin that kills the Safari process when I hit the home button (unless I want to leave Safari open every so often to update it, which I'll never remember to do). Good tip!
Reply
Andre said 4:27PM on 9-12-2009
Must be something wrong with my iPhone 3GS, and my 3G before that. When I turn the screen off, my wireless disconnects and it uses 3G. This is evidenced by it being on 3G when I turn it back on briefly, and when I turn it off I see the disconnect happen on my Airport Extreme base station.
Not sure about this...
Reply
Ed said 4:49PM on 9-12-2009
I don't believe this happens when plugged in. At least not when I tried it just now. It does normally though.
Andre said 4:56PM on 9-12-2009
Ah, further testing is required. I hadn't tried it plugged in.
So if we don't have WiFi it won't download?
MRCUR said 9:37AM on 9-13-2009
@Andre - Yes, that is correct. Without WiFi the blacklist will NOT download. I believe Ed is right as well - when the phone is plugged in it won't disconnect from WiFi, but otherwise it will drop to cellular data when locked.
L3 said 6:54PM on 9-12-2009
They have never sold out to The Man. Leave this band alone!
Reply
DistortedLoop said 9:11PM on 9-12-2009
Seems to me a bit of a kludge. I was going to say that they should just have iTunes sync the blacklist automatically, but I imagine that idea will be attacked by many who will respond that they don't sync with iTunes daily, which is fair enough.
I agree with those who posted that this sounds like poor communications in terms of explaining the feature and how to keep it current.
Reply
ak said 11:14AM on 9-13-2009
Why not just have itunes download it and send it to the phone when syncing? Or an update process through the online store? This just seems odd.
Reply
maramian06 said 4:09AM on 9-14-2009
hello i download a iphone 3.1 but i coudnt get it to work
its says.., this Sim card inserted to this iphone, does not appear to be supported
why...?
Reply