tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/21737-gpgtools-for-iosGPGTools: Discussion 2015-08-14T13:05:52Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-06-03T13:30:41Z2014-06-03T13:30:41ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>We're certainly very interested.<br>
More to follow as soon as there are concrete plans.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-07-25T20:22:01Z2014-07-25T20:22:02ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Any news about the topic? It would be great if we could get gpg
for iOS Mail.</p></div>Christophtag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-07-26T11:43:06Z2014-07-26T11:43:08ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>iOS is full of backdoors and Apple has admitted it.</p>
<p><a href=
"https://pentest.com/ios_backdoors_attack_points_surveillance_mechanisms.pdf">
https://pentest.com/ios_backdoors_attack_points_surveillance_mechan...</a></p>
<p>Not sure if decrypting sensitive emails on iOS is a good idea in
general.</p></div>Hanstag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-07-26T18:13:50Z2014-12-30T23:27:59ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>hans. iOS is no less secure than any other mobile os, probably
more so in most cases. this 'revelation' is not a revelation, apple
has documented most of the tools 'revealed' in mr. z's
presentation. he does have some good points, and i happen to agree
with his 4 point recommendation list, but this is not a cause for
panic in any way. and certainly not a reason to think 'iOS is full
of backdoors'.. that's just inflammatory and misleading. take a
look at android. windows mobile. you can do all these things, and
more. some of these tools are necessary for customer support, some
are necessary for law enforcement compliance. should they be more
transparent, i'm sure they will be. should some adjustments be
made, like utilizing encryption when transferring over wifi with
the file xfer util, sure. that will happen i'm sure. but this is
not the smoking gun it purports to be, not at all, so.... get a
grip. further, if gpgtools for iOS is implemented in any way
workable, the files/data/emails encrypted on the device will not be
accessible to anyone without the users gpg private key. that's how
encryption works. as long as plaintext isn't stored in memory,
which gpg would never do...., there is no chance of even snoopers
getting unencrypted data. the unencrypted data referred to in mr.
z's research is iOS user data, that IS encrypted by the os on the
device normally, but when a passcode is entered -- make note of
this -- and thus the data unencrypted, the tools apple has
implemented will transfer the now unencrypted data to a user (law
enforcement presume) WITH THE PHONE PAIRING KEY -- make a note of
that. in either case, properly implemented gpg would leave the
messages encrypted and there would still be no chance of a data
breach even using these 'backdoors'. so. little less drama.</p>
<p>if this is an overreaction, apologies, i've just read too many
'the sky is falling' posts about this this week. people need to get
it in perspective. thx.</p></div>dtichtag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-07-26T20:28:54Z2014-07-26T20:28:57ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>If you look at the presentation you can see that the data
accessible without user consent are screen shots of the last things
he did so if I'm not mistaken that could indeed include the display
of a decrypted email and other things.<br>
Given the broad amount of data they can access "for diagnosis"
(without user consent or notification or an option to turn that
off!) would that not include secret keys? If not, what evidence do
we have other than Apple's quietly issued support article?</p>
<p>So far there was only a quite vague response from Apple and why
should we trust Apple more then any other Info involved in
this?</p>
<p>I'm no expert but to me this seems a bit like the German
government that said "there is no NSA spying in Germany. The NSA
has told us they are not spying on us" one week after Snowden.</p>
<p>Also: How will it be possible to audit an iOS app once it
becomes reality?</p>
<p>Just wondering. Not comparing Android vs. iOS. Just wondering
about the assumption that if Apple collects everything from it's
devices it's OK and safe?</p>
<p>So far there's only the analysis and a brief response from Apple
basically saying that all this is "just for diagnosis".</p></div>Hanstag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-07-28T10:40:33Z2014-07-28T20:48:39ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>No news concerning GPGTools on iOS.</p>
<p>I'll leave this discussion open for more opinions. The
"revelation" is indeed news. And there's stuff happening which
should not happen. Apple needs to take action on this, imo. The
fact that those services are there in the first place is worrying
to put it mildly.</p>
<p>Also I somewhat agree with Hans. Mobile in general has much
weaker security than desktop and if you encrypt stuff in the first
place, it might not be such a great idea to decrypt on mobile
afterwards. But I also understand that this is a major drawback for
many users. For the time being you can use iPGMail to decrypt stuff
on iOS.</p>
<p>Here's more detail in a video from Mr. Zdziarski: <a href=
"https://www.youtube.com/watch?v=z5ymf0UsEuw">https://www.youtube.com/watch?v=z5ymf0UsEuw</a><br>
And nice summary: <a href=
"http://ddz.roughdraft.io/b6879ba86fc7ddc2e26f-ios-lockdown-backdoors">
http://ddz.roughdraft.io/b6879ba86fc7ddc2e26f-ios-lockdown-backdoors</a></p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-10-15T13:13:36Z2014-10-15T13:13:37ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>For me, until I have GPGTools for iOS I cannot even use it in
OSX because of how often I have to switch between the two.</p>
<p>The security issues around iOS in that presentation are no more
sever than the ones in OSX and Windows. It just happens that
because of the desire to jailbreak by so many these issues come to
light on iOS more than on OSX.</p>
<p>iOS and OSX share so much of the same code, you might be
surprised to see just how similar they are. Every day they grow
more and more so as Apple prepared to leave the Intel platform in
favor of RISC architecture for all of it's devices. This is no
secret it's been discussed many times and lots of power users out
there are already throwing fits. Anyway if you run the same tests
on an out of the box OSX machine you will se that many of the same
concerns exist on OSX as they do on iOS.</p>
<p>That said I am of the opinion that this should not affect the
decision to product GPGTools for iOS.</p>
<p>Personally I am looking for a mail solution that works on OSX
and iOS both that will allow me to use S/MIME or GnuPGP as I wish,
and GPGTools is the best possible solution if it comes to iOS.
Until then then I am force to either use a dozen various different
tools (will never happen I don't have that kind of time) of just
not encrypt anything with the latter being the current
solution.</p></div>Bryantag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-11-02T13:21:58Z2014-11-02T13:21:58ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Bryan: You can use iPGMail or oPenGP on iOS.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-11-02T17:02:37Z2014-11-02T17:02:37ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Actually I cannot because I need the option to use both PGP and
S/Mime depending on who I'm communicating with, without switching
between multiple programs. Businesses insist on using S/Mime over
PGP.</p></div>Bryantag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-12-17T21:55:52Z2014-12-17T21:55:52ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Well isn't S/MIME supported on iOS by apple and then iPGMail
would cover you on the OpenPGP side of things. But I do not use
S/MIME so might be mistaken.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-12-18T21:26:54Z2014-12-18T21:26:54ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Steve, nope that separates mail into two separate applications
and is unacceptable for my use.</p></div>Bryantag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762014-12-18T21:37:21Z2014-12-18T21:37:21ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Not really. iPGMail is started from within iOS Mail.app.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762015-04-13T22:44:16Z2015-04-13T22:44:16ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>Hey there!</p>
<p>Any news?</p></div>Hungrytag:gpgtools.tenderapp.com,2011-11-04:Comment/332475762015-04-14T10:59:11Z2015-04-14T10:59:11ZiOS PenTested by Jonathan Zdziarski (was: GPGTools for iOS)<div><p>@Hungry: Regarding GPGTools on iOS? No. And not likely to happen
in the near future.</p></div>Steve