iPhone 2.0’s Location Based Services powered by the new CoreLocation framework

Apple has created a new framework called CoreLocation for iPhone OS 2.0. This framework is almost certainly powered by Googles ‘my location’ cell tower database and Skyhooks Wifi database as used in iPhone OS 1.1.3 onwards.

From the “Core Location Framework” documentation in the iPhone SDK

“The Core Location framework lets you determine the current latitude and longitude of a device. The framework uses the available hardware to triangulate the user’s position based on nearby signal information. You use the classes and protocols in this framework to configure and schedule the delivery of location-related events.”

Interestingly CoreLocation enables tracking of the user, it possible for the iPhone to receive updates as the user moves around. If tracking is enabled a new update is sent everytime the user moves beyond a set distance (distanceFilter) from the last update. This will enable all sorts of useful applications like realtime map updates while driving and location triggers such as tell me when I’m within 1 mile of one of my buddies.

CoreLocation’s API is location technology agnostic i.e. theres no mention of cell towers, wifi or GPS. However we can speculate that tracking only really becomes useful when GPS is used. For example cell tower tracking is not very good for turn-by-turn driving directions.

The best mobile applications use as much context as they can get from the device, network and user. Knowing the users location is key to reducing keystrokes and letting the user get the information they want with the minimum of fuss – Apple have achieved this in iPhone OS 2.0 – expect some exciting applications in the next few months.

Better ‘Click to call’ using redirects

A lot of mobile sites with click-to-call advertising or services require 3 clicks for click to call – first you click on the ‘click to call’ link then a new page loads often with a confirmation message e.g. ‘Click the link below to call Acme!’, after that the phone itself will ask for confirmation you really want to dial a number – that’s 2 clicks too many.

What’s happening is that the first click is registering the click through with the ad server/tracking engine, so that commission can be charged or whatever charging mechanism is in use.  You can’t easily do that on a a “tel:” URL because the mobile intercepts the click and dials the number (the server never knows about it).  To the end user its annoying – “Why didn’t the first click just connect me?”

Luckily there a ‘trick’ to get rid of one of the clicks.

It works like this:

The click to call link should hit the server e.g. be a http link, this should register the click with the tracking engine.  The server should send back a HTTP response 302 – a redirect.  The redirected URL should be the “tel:” link.  To the user there is a slight pause while the server is contacted, then their phone will prompt them to allow the call.  3 clicks have been reduced to 2.  That leave one click to obey the ‘3 clicks to anything’ rule aspired to by mobile UI designers everywhere.

Googles ‘my location’ for mobile – how Google snatched billions of dollars of revenue from Telcos worldwide

Google’s “My Location” feature for Google maps on mobile is remarkable. It allows phones without GPS to be located. In one fell swoop it achieved the following:

Google have undermined the value of GPS in phones

Why buy a GPS phone when google can ‘upgrade’ your existing phone? A lot of people dismiss cell tower based location finding as useless due to its accuracy of 300 metres to 1.5 kilometers – it’s not much use for driving directions but its very useful for cinema times, traffic conditions, weather, news and find a friend functions. The less clicks the better on mobile and google just eliminated 90% of the pain of entering your location.

Additionally GPS doesn’t work indoors, using the last location that the GPS received can be woefully inaccurate (“why does my mobile think I’m in my back yard?”).

Google have drastically reduced telecommunications companies location based services stream

Telcos have been holding their crown jewels of cell tower based location finding close to their chests for years now. In most of the world there is no cross telco location service requiring developers to negotiate and intergrate with each telco separately – slow, painful and expensive.

The revenue model I’ve seen most often is to charge the equivalent of an SMS cost for locating a user e.g. if you have an app such as ‘find a friend’ and the application want to locate the user then the API cost of that is one SMS credit – typically 0.15 Euro. Google can now do this for all phones for free. Add this up and billions of dollars has been lost by telcos world wide – its entirely their fault – such a costly service means things like tracking services or location based advertising are unfeasible.

I was anecdotally told by a large telecom equipment provider that soon after the Google press release went out telcos were calling asking to ‘block’ access to this information – too late – the cat is out of the bag.

Google have removed one barrier of mobile services, especially search

A very smart person at Vodafone once told me mobile services are all about the user context. A key context is location – know where a person is, the time of the day, their previous searches and you know one hell of a lot about them. Yellow pages types search are greatly enhanced by a default location e.g. local cinema times, traffic jams, public transport.

Enhance PC searching services

Google now have the opportunity to enhance their PC based searches by offering a ‘locate me using my phone’ option on PC google maps, iGoogle etc. As with most of the privacy concerns about google, if the service is compelling enough most people will use it. Imagine a search box like the following

[mexican food ] [Search] [I’m feeling lucky”] [“Search using my mobile location”]

High barrier to entry for competitors

So now that we know it can be done (build a cell tower database without carrier permission or assistance) why not just copy what google did?

Its hard for several reasons
1 You need to install an application in GPS phones.

GPS phones are relatively rare – its seen as a smart phone feature, this greatly reduces your size of your crowd needed for crowd sourcing a worldwide cell tower database.

2 You need a pervasive installed mobile app on GPS phones

Google have the excellent Google maps for Mobile, lots of people have downloaded it. Its has secretly been collecting cell phone tower locations via GPS for months. What other native application is as pervasive as google maps? Games? Most are written in java and generally do not have access to cell tower information.

3 You need smarter than average mobile developers

Cell tower information is not normally available to developers, it has hitherto served no useful purpose to application developers, it is system level information like the MAC address of your ethernet card. Since the previous two points greatly reduced the data collection ‘crowd’ size you should read the cell tower info from as many phones as possible. You also need to work out timing information to roughly calculated the distance from the tower, this may involve some very low level hacking of the phone modem software – this means smart developers hacking windows mobile, blackberries, symbian, linux etc – this is expensive.

So who best to compete with google, preferably to create an open source DB of cell tower locations?

I think the only companies who can compete with this is phone manufacturers, in particular if Nokia added this to an update of Symbian and release some new phones they could create a rival database very quickly. Microsoft could do it too.

There is one other option, its cheap, effective and a secret – contact me if you are interested.

‘Send to a friend’ SMS gotchas part 2

Another thing to look out for with SMS to a friend is allowing the sender to enter in their name.  You must ensure the name data is checked by the server to not include any misleading data.

For example: 

“Your friend John has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi”

The form to send this required a destination mobile and name, imagine the following variations on “John”: 

“Your friend John sent you this http://nefarious.mobi/dosomethingbad he also has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi”

other variations:

 “Your friend John called on 199100100 and also has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi” 

Of course 1991100100 would be some premium rate number. All ofthese exploits are well known in the web world, the mobile world adds the added  problem of it being relatively easy to extract money from the innocent mobile user. 

The Fix:

Clean all data submitted in forms, remove all URLs including click to call URLs like “tel:” and “wtai://wp/mc;”          

‘Send to a friend’ SMS gotchas

UPDATE: The developers removed the send to a friend functionality!

There I was using a mobile site that allowed you to send the page you are on to a friend (by SMS).  Upon closer inspection it had a huge security hole, it was a hole that each time it was exploited cost approximately 15 to 20 cents. It was also easy to change the destination mobile number allowing it to be used as a denial of service attack on a single number or to spam a range of numbers.  It was repeatable and easily scriptable.  NOTE I disclosed this to the company responsible, I didn’t even get a response. 

Read the rest of this entry »

iPhone double tap zoom – indistinguishable from magic

When I first saw Steve Jobs demo the iPhone’s double tap zoom feature on webpages I noticed something really neat – the zoom always seem to perfectly zoom to show a block of text.  There are 2 explanations

  1. It’s a fixed zoom level (e.g. 50%) that happened to work well in the demo (New York Times)
  2. It’s a smart zoom that knows what its zooming into and “does the right thing”

From Apples iPhone for Web Developers page: Design for Double Tap

“When the user double-taps a page, Safari on iPhone looks at the element that is double-tapped, and finds its closest block (as identified by elements like DIVOLULTABLE) or the image element (IMG) ancestor. If the found element is a block, Safari on iPhone zooms the content to fit the viewport width and then centers it. If it is an image, Safari on iPhone zooms to fit the image, and then centers it. If the block or image is already zoomed in, Safari on iPhone zooms out.”

That’s a beautiful fusion of technology and usability which to borrow a phrase from Arthur C. Clarke is sufficiently indistinguishable from magic.

Now I’m a cynic but I bet none of the iPhone contenders will manage to do this as well as Apple for several years – but expect the cheap, nasty and unsatisifying 50% zoom hack from competitors within months 


Wide open gate in Telstra’s Walled Garden

There I was perusing the Sensis WAP site from an Optus mobile phone when I seem to have clicked my way into the Telstra/Bigpond walled garden.  Read the rest of this entry »