Security of Apps

Can someone describe to me how Apple protects iPhone users from malicious apps? I know there's a review process and that developers work in a "sandbox" by using approved Apple programming SDKs. While nothing is ever foolproof, how safe am I from malicious apps?
My specific example is that I am using Byline, an app that syncs with Google Reader. My primary Google account is very important, it contains my credit card info, my contacts list, email, etc. So I get nervous when I give out my password to any apps. I understand Byline is very popular and can be assumed to be safe. However, I created a new Reader account just to use with Byline. But it's getting inconvenient to switch between accounts. I'm tempted to just use Byline with my main google account.
In practicality, is it possible for apps to send your personal info, including account logins, back to the developer?

Hello and thank you for using the Palm Help Forums!
As far as I am aware of, we do not allow developers access to your personal information. We value security at Palm so your information is safe on the webOS.

Similar Messages

  • Errors trying to run the xws-security sample app

    Hi all,
    I'm geting errors trying to compile the xws-security sample app, does anyone have any advice? Thanks in advance!
    [kerzhner@kerzhner]~/jwsdp-1.5/xws-security/samples/simple% ant run-sample Buildfile: build.xml
    clean:
    [delete] Deleting directory /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build
    [delete] Deleting directory /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/dist
    as8-check:
    ws-check:
    tc-check:
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/client/classes
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/server/WEB-INF/classes
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/dist
    compile-handler-code:
    [echo] Compiling the handler source code
    [javac] Compiling 1 source file to /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/server/WEB-INF/classes
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:0: error: malformed .zip archive in CLASSPATH: /home/kerzhner/jdk1.5.0_03/lib/tools.jar/
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:25: error: Class or interface `java.security.cert.X509CertSelector' not found in import.
    [javac] import java.security.cert.X509CertSelector;
    [javac] ^
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:535: error: Type `X509CertSelector' not found in the declaration of the local variable `certSelector'.
    [javac] X509CertSelector certSelector = new X509CertSelector();
    [javac] ^
    [javac] 2 errors
    BUILD FAILED
    file:/home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build.xml:68: Compile failed; see the compiler error output for details.

    Resolved. It was a space issue. Deleted a couple of old apps and have now installed the Sample Websheet Application.

  • Secure Delete Apps

    Hey what happened to the secure delete apps like iErase and iShred that you used to be able to get to ensure your deleted files were really deleted?  Apparently they are not available in the US store? 

    When I downloaded photos from a camera SD card using an adapter, I noticed two Albums were created in the Photo app.(Last Import & All Import). Like you stated, there is no option to delete excess photos without deleting all of them. So this is the lengthy steps I went through to delet the extra album (I hope someone comes up with a shorter process):
    1) Connect iPad into your PC (Make sure you configured to Sync with iTunes)
    2) Go to My Computer > right click and open Apple iPad > right click and open  Internal Storage > right click and  open DCIM. (This will show the photos from those to Albums only)
    3) Right click on a empty space on the desktop
    4) Click on New > Folder
    5) Go back to the DCIM files and right click on each file(one at a time) then copy and paste each file over the New Folder.
    6) Go back to the DCIM files and open each folder and right click and delete each photo.
    You will notice that all the same photos are being deleted on the Photo app simultaneously.
    7) Then drag the New Folder into you Pictures on the PC.
    8)Then open iTunes on your PC and click on the Photo tab and click Sync on the bottom right to import those photos back to your iPad.
    I hope my scenario can apply to you.

  • Design pattern for securing MVC app

    Hi,
    I am new to security, and would appreciate some urls, hopefully with examples of how to implement the following.
    I have an verification app that works on an internal network. The verification process includes SSH-ing onto various boxes and running commands to verify the installed sw/ hardware etc. The login/ usernames for the remote boxes are stored in a plain text configuration file.
    This tool is driven by a MVC web app (implemented using Spring). And currently the client does not do any user validation.
    This app is in the process of being migrated to a live system where the current security model (ie none) will not be acceptable.
    Can someone point me towards some resources suggesting strategies for securing the app. I am guessing the solution will involve the user entering a password initially, and after verification they will have access to a password store. However I don't just want to store the users password as plain text as well... The users password needs to securely stored.
    Thanks for any help, and apologies for the obviously noob question to all you security gurus.
    david.

    Hi,
    I am new to security, and would appreciate some urls, hopefully with examples of how to implement the following.
    I have an verification app that works on an internal network. The verification process includes SSH-ing onto various boxes and running commands to verify the installed sw/ hardware etc. The login/ usernames for the remote boxes are stored in a plain text configuration file.
    This tool is driven by a MVC web app (implemented using Spring). And currently the client does not do any user validation.
    This app is in the process of being migrated to a live system where the current security model (ie none) will not be acceptable.
    Can someone point me towards some resources suggesting strategies for securing the app. I am guessing the solution will involve the user entering a password initially, and after verification they will have access to a password store. However I don't just want to store the users password as plain text as well... The users password needs to securely stored.
    Thanks for any help, and apologies for the obviously noob question to all you security gurus.
    david.

  • Invalid security code, apps wont open! help help help!

    I have the iphone 3Gs and up until three days ago it never let me down. Now I am so furious and nor apple or at&t have done anything to help me resolve this problem or talk to someone that can fix this error that is none other then APPLES fault. I understand that at&t just provides us with the services but I am truely dissapointed that they couldn't connect me with the right person to help me out. After getting ahold of a local apple store they connected me to a REAL person. However after the two hour struggle they were no such help! They told me I would need to pay $29.99 for customer support,this is the fee for a 30 DAY support plan. Can you say RIP OFF?? I have been googling the problem and have become even more furious after reading that a lot of people have the same problem and the fix seems impossible. I updated the phone to see if it would fix it but it made it worst. My apps will not open that I have gotten from the itunes store, only ones that are default to the iphone. WHAT DO I DO? THIS IS DRIVING ME CRAZZZZZY!

    Hey there,
    I can understand how unhappy you can be this is very unfortunite. I really dont think there is a fix to this you can handle yourself if you have forgotten your security code. The only answer is to pay apple to carry out the service and have the problem fixed.
    At the end of the day we need security like this in case our phones were stolen or lost. Its nobodies fault!
    Best of luck my friend! I hope it works out!

  • Set security at app level

    Hello, Is it possible to set security for a group at the application level so it automatically trickles down to the databases below (even new ones)? Thank you in advance.

    We do use incremental dimension builds and we haven't seemed to have a problem about errors not written to the error log.<BR><BR>There was a period when the write and append functions of the error logging were working backwards in MAXL, but that has long since been fixed.<BR><BR><b> import database 'credits'.'credits' dimensions <BR>from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day7" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day7" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day7" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day6" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day6" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day6" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day5" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day5" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day5" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day4" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day4" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day4" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day3" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day3" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day3" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day2" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day2" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day2" using server rules_file 'depts'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day1" using server rules_file 'store'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day1" using server rules_file 'acct'<BR>, from local text data_file "D:\\hyperion\\essbase\\app\\daily_05\\daily_05\\600$day1" using server rules_file 'depts'<BR>on error write to '3g.out';</b><BR><BR>This is a particularly nasty example of an incremental build, using daily data files to do the dimbuild but when we get errors, they seem to come from more than the last file parsed.<BR><BR>If the <b>on error write to</b> isn't working for you, try the <b>on error append to</b>. Sometime in the not so distant past, the write and append functions were flopped causing a bug of the first degree.<BR><BR>I'm no longer onitoring production processes, moving on to development and documentation, but I've written quite a bit of MAXL in the past and much prefer it to ESSCMD.

  • Security lock apps

    Is there a way to have an app locked with a security code? For example, if I wanted to lock my Facebook app on my iPad with a security code, how would I enable this? Is there a way to select certain apps to have a security lock code without having to lock the home screen upon "waking" up?
    Can anyone recommend a reliable app that can store my username and passwords with a security lock code on it?

    I still don't get why no one has made an app like this. Every parent will want this, so their child cannot access apps which are not for them.
    Either allow individual apps to be locked, groups of apps to be locked, or if someone from apple actually reads this, I think they should make a new version that allows you to create identities just like in a PC, where you can create multiple identities with their own password, so everyone can get in the ipad and have only the apps they need/are allowed to use.

  • Creating secure web apps in JDeveloper 10g preview

    Hi all,
    I am trying to set up a secure web application and test it within JDeveloper 10g preview. So far, I am able to set up the correct entries in web.xml and ???-oc4j-app.xml (actually had to add the role mapping manually in the last file). I am able to automotically bring up a login form, enter my username/password and get to the protected resources. What I am not able to do is the following:
    1. Display an error page when the login fails (I get a generic HTTP 403 page instead of the page I specified in web.xml).
    2. Enable SSL. I can set the write checkboxes, etc., but instead of displaying the login form, the browser asks me to open/save the file home.do (the protected resource). I think there is some setup that is messing, but what is it?
    Any help is appreciated. Thanks.
    Ara

    Sorry, I guess I shoud have made it clearer: I am using HTTP-FORM authentication and I have specified a login and error page there. Neither page is protected (i.e., their URI pattern is not specified in the servlet deployment descriptor).
    I get the login page fine. I am also able to log in,provided I submit the right username/password. The problem comes when I submit an incorrect name/password. In that case, I get a generic HTTP 403 page instead of the error page I specified.
    Hope this provides more clues.
    Ara

  • How secure are Apps that store your personal Information?

    I have a few Apps for storing ID and Credit card info - but I am very hesitant to use them - How do I know that once I have used them, the creator of the app cant access my supposedly "secured" info?

    Any app--regardless of the "who"--can be hacked, and info stolen, if someone wants it bad enough. Not all apps store info in your unit; the info may be safely stored in a encrypted server somewhere far away.
    My recommendation is that you not store your CC info and any personal information you don't want spread around. Turn off certain program functions for example, go into settings and scroll down and see what programs are listed there. You can turn off certain info that they gather there. Other programs, you may need to open the app and adjust settings there.
    If there is an "purchase in the app" function...that becomes your call. Generally, though...the less info you keep in an app, the better.
    Doc

  • Secure Web App Items

    Can you secure the content on a page without securing the page itself? i.e. Web app items on page are visible but you cannot download web app items without logging in.

    Thanks Liam. I have a separate issue & I think you may be the only one that can answer this... Using Web Apps Input Form, visitors can upload file attachments (Upload a Resource). Please see: http://www.unihub.co.nz/econ-101/econ-101 In the case of images, we require a link to the image download (Resources) as is the case with other file attachments such as Word Documents, rather than displaying the image itself. I haven't been able to find a way to do this. Do you know if this is possible please? Or, another solution would be to re-size the image.

  • How to deploy a secured oc4j app in 9iAS

    Hi,
    We are running 9iAS Rel.2 Ent. Edition (9.0.2.0.1) and we want to setup a secured site portion that works through SSL.
    The secured application is already deployed in oc4j but we were using the standalone oc4j container capabilities to mount our application under a secured area, using this fashion:
    <web-site host="myhost" port="443" display-name="Secured app" secure="true">
    Everything works fine using the container-only deployment but now we need a way to deploy this application in 9iAS.
    My efforts to do this were not succesful so far. I was thinking of mounting an SSL folder using httpd.conf and then to forward the request to the secured oc4j application. I tried to do it but I lack the experience with the apache conf unfortunately, so I failed.
    If you can point me to a document that explains how to expose an oc4j application (war or ear) via Apache SSL or if you have any idea, please let me know.
    Thank you!
    florin

    Ok, I found a [very helpful blog post |http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html] by [Andrejus Baranovski|http://www.blogger.com/profile/04468230464412457426]. I wish Oracle's documentation was as clear as this...
    The blog post refers to an article by Steve Muench, called [Simplified ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers|http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html]. This article presents an Ant script that migrates policies from JDeveloper to WebLogic, using some PFM. (See the last definition here.)
    The problem is that Steve Muench's script assumes that JDeveloper and the standalone WebLogic are on the same machine. However, in a typical environment, such as the one I'm working in currently, this is not the case. In our case the developer stations are Windows machines, while our WebLogic server runs on a HP-UX machine. So the question is: how to perform this migration between two machines with different operating systems?
    Regards,
    Bart Kummel

  • Looking for a Darknet/Secure BBS app

    I have been a fan of Haxial KDX for the longest time, but due to the bugs, etc., I would like to move on.  I'm looking for a secure darknet/bbs styled program that supports chat, filesharing, and of basic user management (who can login, who can't, etc..).  I have been asking this question all over the web, and haven't gotten (or found) a single response.  Waste has never worked right for me, by the way.  I would definitely prefer it to be open source, which is why I thought it best to post here.  Please help out, or at least direct me somewhere where I should ask... Thanks.
    As an aside, the guy who wrote KDX and Hotline (Adam?? Hinckley) claimed on the Haxial website that he is willing to sell the project.  I wouldn't mine purchasing and restarting the KDX Project, but I've been unable to get in contact with him.  So...if you are him, or know him, or own the rights to Haxial KDX and all related projects...$$$$$
    Last edited by xen0blade (2010-01-12 13:18:15)

    I've recently become a big fan of OneSwarm - http://oneswarm.cs.washington.edu - I like that it supports remote access.
    But I'm definitely interested to see what this thread brings up!
    Last edited by hAyZe (2010-01-11 20:50:45)

  • Disco Security and Apps 11i?

    Hi,
    I don't understand how Disco works with existing Apps 11i responsibilities to control access
    to the business data.
    When you create a business area and then assign it to Apps responsibility, how do you know that
    the responsibility can access the tables of the business area?
    thanks
    brh

    Hi
    The responsibility can access the business area because the Discoverer administrator said so.
    Working in Apps mode is straight-forward. You install Discoverer into Apps mode using a database account, making sure you check the little box to install into Apps mode. Having created the EUL you make sure your connection settings are right by using Tools | Options | Connections.
    You have to make sure that you have defined whether you will be connecting to Apps mode EULs only or a combination of Apps mode and standard mode. You therefore check either Connect to application EULs or Connect to both standard and application EULs. After this you need to make sure there are valid enties for the Gateway User ID and Foundation Name.
    The standard entrie for these are:
    Gateway User ID: applsyspub/pub
    Foundation Name: apps
    Next you grant admin rights to an Apps user - typically SYSADMIN. You the logout as the EUL owner and log in as the Apps user, making sure to check the little box that says you are connecting to Apps.
    From here on you administer the EUL using the Apps account ONLY. You create EULs and assign access to those EULs using this account. The reason that most folks use the SYSADMIN account is because it can access the responsibilities and other users for ensuring access is correct.
    I have a white paper on my website that will walk you through installing an Apps mode EUL. You might find it to be if interest and you will find it here: http://learndiscoverer.com/downloads/downloads.htm
    Best wishes
    Michael

  • How to add security to App built using InDesign?

    We are using DPS (Single Edition) to build an App that will contain some sensitive information, and we will need to protect this somehow by restricting this content so that only current employees may use it - meaning it should be inaccessible to people outside the company, as well as to former employees who have since left.
    What is the best way to restrict access? Adding password protection seems like the most obvious answer, but is this doable within InDesign? Alternatively, is there another solution, and should it be done within InDesign, or by limiting access somehow with DPS?
    Thanks!

    Ah ha! thanks, but got all the way to the bottom of the blog, quite excited by the info; only to find I need an enterprise adobe account. Why Why Why, as per the other comments, there is a huge demand for clients that only need limited distribution ie hundreds, not ten's of thousands as per large publications.
    Enterprise Dev account for Apple is cheap, DPS enterprise is well, a lot of money.
    There is an opporunity here for Adobe, The Pro-License needs to evolve for non magazine customers, I create Apps for a very large Automotive company, they love my low cost "brochure Apps" they would love to do more but to distribute to retailers, so we are only talking many hundreds. This number seems to be very common - Hundreds.
    DPS Enterprise is geared up and costed up at major magazine publishers, correct?
    I dont need all the publishers subscription stuff, and web folio's and limited articles etc etc.
    But Enterprise limited distribution, and analytics, and yes, even Gold support, is what I would pay for.
    As mentioned on other threads, my clients and myself have decided that we will just make do with SE Apps, so wave good bye to the Pro Licence.
    I doubt I'm alone here, no infact, I know I'm not alone, just hope there will be enough of us to make financially work for Adobe.
    Just  a thought, maybe hopefully, you guys are ahead of me here, and working on something :-))
    Cheers
    Alistair

  • IPhone Security Software Apps

    Anyone see any yet? I'm also trying to figure out how to search for Apps in iTunes.
    Thanks

    Did you upgrade your itunes to version 7.7 yet? Without that, applications are not available. Once you upgrade iTunes, open the store and look on the left side for Applications. It has a little "new" icon by it.
    To search for specific applications, try Advanced Search in the upper right corner of the screen. It allows you to search by keyword, developer and only in applications.
    Message was edited by: OregonFarmer

Maybe you are looking for

  • Airport loses connection sometimes

    Hi guys....need help! I bought my macbook pro 13 inch some time in September 2009. Brand new. Up until 2-3 months ago, things were running smoothly in regards to my wireless connection. Lately (for the past 2-3 months) when I close the lid of the mac

  • Album Art Screen Saver

    Hi, I use the above screen saver. At times when I return to my computer and "wake" it out of the screen saver, the screen saver will freeze for a while (varying from a few seconds to a couple of minutes) and only then will close. Any ideas? it only h

  • Syntax error in code

    Hi everyone, Can anyone please tell me what is the syntax error in the following code when run in 11g. FUNCTION plch_func (check_in IN BOOLEAN) RETURN VARCHAR2 AS BEGIN RETURN CASE WHEN check_in THEN '123' WHEN TRUE THEN '456' --WHEN SYSDATE < plch_n

  • Tweet sheet and share sheet just dont work!

    its been 4 versions of mountain lion and its amazing how a 'cover page' feature of the OS doesn't work! the tweet sheet and the share just just wont show up. definitely not from the notification center! this was a much advertised feature of mountain

  • Any one implemented BADI :BADI_LE_SHIPMENT

    Hi all, Is anyone has implemented BADI: BADI_LE_SHIPMENT. I am trying to implement the method: AT_SAVE and i want to update: VTRLK. please let me know how should i implement AT_SAVE Method. Thanks.