iPhone 2.0’s Location Based Services powered by the new CoreLocation framework

Apple has created a new framework called CoreLocation for iPhone OS 2.0. This framework is almost certainly powered by Google’s ‘my location’ cell tower database and Skyhook’s Wi-Fi database, as used in iPhone OS 1.1.3 onwards.

From the “Core Location Framework” documentation in the iPhone SDK:

“The Core Location framework lets you determine the current latitude and longitude of a device. The framework uses the available hardware to triangulate the user’s position based on nearby signal information. You use the classes and protocols in this framework to configure and schedule the delivery of location-related events.”

Interestingly, CoreLocation enables tracking of the user: it is possible for the iPhone to receive updates as the user moves around. If tracking is enabled, a new update is sent every time the user moves beyond a set distance (distanceFilter) from the last update. This will enable all sorts of useful applications, like real-time map updates while driving and location triggers such as “tell me when I’m within 1 mile of one of my buddies”.

CoreLocation’s API is location-technology agnostic, i.e. there’s no mention of cell towers, Wi-Fi or GPS. However, we can speculate that tracking only really becomes useful when GPS is used. For example, cell tower tracking is not very good for turn-by-turn driving directions.

The best mobile applications use as much context as they can get from the device, network and user. Knowing the user’s location is key to reducing keystrokes and letting the user get the information they want with the minimum of fuss – Apple have achieved this in iPhone OS 2.0 – expect some exciting applications in the next few months.


Better ‘Click to call’ using redirects

A lot of mobile sites with click-to-call advertising or services require 3 clicks for click to call – first you click on the ‘click to call’ link then a new page loads often with a confirmation message e.g. ‘Click the link below to call Acme!’, after that the phone itself will ask for confirmation you really want to dial a number – that’s 2 clicks too many.

What’s happening is that the first click is registering the click-through with the ad server/tracking engine, so that commission can be charged or whatever charging mechanism is in use. You can’t easily do that on a “tel:” URL because the mobile intercepts the click and dials the number (the server never knows about it). To the end user it’s annoying – “Why didn’t the first click just connect me?”

Luckily there is a ‘trick’ to get rid of one of the clicks.

It works like this:

The click-to-call link should hit the server, i.e. be an http link; this registers the click with the tracking engine. The server should send back an HTTP 302 response – a redirect. The redirected URL should be the “tel:” link. To the user there is a slight pause while the server is contacted, then their phone will prompt them to allow the call. 3 clicks have been reduced to 2. That leaves one click to obey the ‘3 clicks to anything’ rule aspired to by mobile UI designers everywhere.
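The redirect described above, sketched as a small WSGI app (an added example, not code from the original post). The `/call?ad=` URL shape, the `ADVERTISERS` table and the phone number are constructed for illustration; the number is looked up server-side so the link cannot be edited to redirect to an arbitrary “tel:” target.

```python
import re
from urllib.parse import parse_qs

# Constructed sample data: advertiser id -> number, held on the server.
ADVERTISERS = {"acme": "+61255500123"}
CLICK_LOG = []  # stand-in for the ad server / tracking engine

E164 = re.compile(r"\+[1-9]\d{6,14}")  # international number format


def app(environ, start_response):
    """GET /call?ad=<id>: record the click, then 302 to the tel: URL."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    ad_id = query.get("ad", [""])[0]
    # The number comes only from the server-side table, never from the
    # request, so extra parameters cannot change what gets dialled.
    number = ADVERTISERS.get(ad_id)
    if (environ.get("PATH_INFO") != "/call" or number is None
            or not E164.fullmatch(number)):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"unknown advertiser\n"]
    CLICK_LOG.append({"ad": ad_id, "ua": environ.get("HTTP_USER_AGENT", "")})
    start_response("302 Found", [
        ("Location", "tel:" + number),
        ("Cache-Control", "no-store"),  # every click must reach the tracker
    ])
    return [b""]


def simulate(query):
    """Call the app in-process; return (status line, headers as dict)."""
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    app({"PATH_INFO": "/call", "QUERY_STRING": query}, start_response)
    return seen["status"], seen["headers"]
```

Serve `app` with any WSGI server (for example `wsgiref.simple_server`) and point the click-to-call link at `/call?ad=acme`.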

‘Send to a friend’ SMS gotchas part 2

Another thing to look out for with SMS to a friend is allowing the sender to enter in their name.  You must ensure the name data is checked by the server to not include any misleading data.

For example: 

“Your friend John has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi”

The form to send this required a destination mobile and name, imagine the following variations on “John”: 

“Your friend John sent you this http://nefarious.mobi/dosomethingbad he also has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi”

other variations:

 “Your friend John called on 199100100 and also has sent you a link http://coolstuff.mobi/212322.  Check out more cool stuff at coolstuff.mobi” 

Of course 1991100100 would be some premium rate number. All of these exploits are well known in the web world; the mobile world adds the problem of it being relatively easy to extract money from the innocent mobile user.

The Fix:

Clean all data submitted in forms: remove all URLs, including click-to-call URLs like “tel:” and “wtai://wp/mc;”.
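A server-side check for the sender-name field, as an added example that is not from the original post. It goes one step further than stripping URLs: it rejects the submission outright and reports why, and it also applies a letters-only allowlist. The function names, the 20-character limit and the reason labels are assumptions made for this sketch.

```python
import re
import unicodedata

MAX_NAME_LEN = 20  # assumption: long enough for a first name or nickname

# Patterns a handset may turn into a tappable link or dialable number.
CHECKS = [
    ("url-scheme", re.compile(r"[a-z][a-z0-9+.-]*:", re.I)),  # http: tel: wtai:
    ("domain", re.compile(r"[\w-]+\.[a-z]{2,}", re.I)),       # nefarious.mobi
    ("digits", re.compile(r"\d{3,}")),                        # phone-like runs
]
# Allowlist: letters, separated by single spaces, apostrophes or hyphens.
NAME = re.compile(r"[^\W\d_]+(?:[ '-][^\W\d_]+)*")


def validate_sender_name(raw):
    """Return (clean_name, "ok") or (None, reason) for a submitted name."""
    # NFKC folds look-alike forms (e.g. full-width "ｔｅｌ：") to ASCII first.
    name = " ".join(unicodedata.normalize("NFKC", raw).split())
    for reason, pattern in CHECKS:
        if pattern.search(name):
            return None, reason  # worth logging: this is an abuse signal
    if not 1 <= len(name) <= MAX_NAME_LEN:
        return None, "length"
    if not NAME.fullmatch(name):
        return None, "charset"
    return name, "ok"


def build_sms(raw_name, page_url):
    """Fill the post's message template; None means reject the form.

    page_url is assumed to be generated by the server, not by the user.
    """
    name, _reason = validate_sender_name(raw_name)
    if name is None:
        return None
    return (f"Your friend {name} has sent you a link {page_url}. "
            "Check out more cool stuff at coolstuff.mobi")
```

The domain pattern also rejects harmless input such as “Mr.Smith”; for a field that only needs a first name, that trade-off is acceptable.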

‘Send to a friend’ SMS gotchas

UPDATE: The developers removed the send to a friend functionality!

There I was using a mobile site that allowed you to send the page you are on to a friend (by SMS). Upon closer inspection it had a huge security hole; it was a hole that each time it was exploited cost approximately 15 to 20 cents. It was also easy to change the destination mobile number, allowing it to be used as a denial of service attack on a single number or to spam a range of numbers. It was repeatable and easily scriptable. NOTE: I disclosed this to the company responsible; I didn’t even get a response.


iPhone double tap zoom – indistinguishable from magic

When I first saw Steve Jobs demo the iPhone’s double tap zoom feature on webpages I noticed something really neat – the zoom always seemed to perfectly zoom to show a block of text. There are 2 explanations:

  1. It’s a fixed zoom level (e.g. 50%) that happened to work well in the demo (New York Times)
  2. It’s a smart zoom that knows what it’s zooming into and “does the right thing”

From Apple’s iPhone for Web Developers page: Design for Double Tap

“When the user double-taps a page, Safari on iPhone looks at the element that is double-tapped, and finds its closest block (as identified by elements like DIV, OL, UL, TABLE) or the image element (IMG) ancestor. If the found element is a block, Safari on iPhone zooms the content to fit the viewport width and then centers it. If it is an image, Safari on iPhone zooms to fit the image, and then centers it. If the block or image is already zoomed in, Safari on iPhone zooms out.”

That’s a beautiful fusion of technology and usability which, to borrow a phrase from Arthur C. Clarke, is sufficiently indistinguishable from magic.

Now I’m a cynic but I bet none of the iPhone contenders will manage to do this as well as Apple for several years – but expect the cheap, nasty and unsatisfying 50% zoom hack from competitors within months.


Wide open gate in Telstra’s Walled Garden

There I was perusing the Sensis WAP site from an Optus mobile phone when I seem to have clicked my way into the Telstra/Bigpond walled garden.