I know that buying Chinese based(not made) technology should be at least questioned if not avoided. I’m searching for a rugged smartphone and only one of the companies on TR’s top 10 list is not Chinese based. How concerned should I be?
I want to connect a mobile app through the woocommerce API to “Create Order” for a product linked to a vendor such that this will create the sub-order automatically for a given vendor account. The woocommerce API does not provide this capability by default and the "post author" is assigned to the user authorised to make the API call. How do I go about this?
Apple claims in this year’s WWDC that Face ID and Touch ID count for both Possession and Inherence identity factors, because they are using Biometrics (Inherence) to access the secure element on your phone (Possession) to retrieve a unique key. See here: https://developer.apple.com/videos/play/wwdc2020/10670/
I think both claims are a stretch. For Inherence, yes, you have proved to iOS that the person who set up Face ID is again using the phone, and therefore given access to the secure key. So iOS can claim Inherence. But your app has no proof that the human possessing the phone is actually your user. Hence my app considers mobile local authentication merely a convenient Knowledge factor–a shortcut for your username and password that resolves common credential problems like human forgetfulness.
As for Possession, again, I think the claim is a stretch unless before writing the unique key to the phone’s secure element you somehow prove that the possessor of the phone is your actual intended user. I suppose if you enable Face ID login immediately after account creation you can have this proof–the brand-new user gets to declare this is their phone like they get to choose their username and password. But on any login beyond the first you would have to acquire proof of Possession using an existing factor before you could grant a new Possession factor. Else a fraudster who steals credentials can claim their phone is a Possession factor by enabling Face ID; a situation made extra problematic by Apple’s claim that Face ID also counts as Inherence!
Am I wrong in this assessment? Which of Knowledge, Possession, and Inherence should an app developer grant mobile local biometric authentication?
For example – If a title had a very heavy simulation loop (say 20ms), is it desirable to render at a greater rate, say 90hz?
This would always a present head pose correct to the view, without being stalled on simulation.
Or does this result in discomfort for the player, and instead render and sim should stay in lockstep?
This is something I’ve wondered for a while – is it theoretically possible to track someone using their phone number in the UK? It’s a classic Hollywood trope and I’m wondering just how much truth there is to it and how feasible it would be.
Doing some basic research returns plenty of services and apps that claim to be able to do it. For example, here:
Our location services use a variety of technology to locate a handset. Primarily we use cell-ID to locate a mobile phone to within a certain transmission cell. Accuracy is greater in areas of high population density (e.g. large towns and cities), and reduces as population density reduces (e.g. in the countryside)…
Our service will not work with landline numbers. It will only give the location of mobile phones registered to a UK mobile cell network. The service does not require the user to install any apps or other software. The service works cross-platform, which means it can work on Android, iPhone, Windows Phone, and older basic phones.
So if you’re concerned about the location of your family members, want to know the location of your employees, find a lost phone, or want to track down a suspicious call, phone number tracking is as real as they show in the movies!
I also came across this which seems like it could be of interest.
Is it possible to track a phone using a UK mobile number, and if so, is it limited to corporate entities? How easy or hard is it to do for the average technologically capable individual?
A trusted execution environment (TEE) provides a way for one to deploy tamper-proof programs on a device. The most prominent example of TEEs seem to be Intel SGX for PCs.
What I wonder is, if there exists an equivalent solution for mobile devices. For example, I want to deploy an arbitrary application on a smartphone that even a malicious OS can’t tamper with. Is there such a solution at the moment?
With devices like the Oculus Quest – is it feasible in terms of power and performance to run both the render loop and game logic loop at 90fps?
Or do Mobile VR titles try to simulate at a lower rate (say 30/45fps) and render pose correct information at 90fps?
Application for user authentication on pc. A key pair is generated on an Android device. The secret key is stored in Android Keystore, the public key is sent to the PC server. The client generates a token, calculates a hash function from it, signs it with the private key and sends it to the server. Server verifies the signature and checks the hashes. It is required to protect the public key from spoofing. You can also use qr code, for example, you can generate a key pair on a PC and transfer the private key through scanning qr code, and leave the open one.
HTTP request coming from mobile comes from localhost domain, however White Listing localhost in backend open up chances for CORS attacks. How to secure or filter HTTP request coming from mobile devices?
I have created a mobile application that monitors the accelerometer activity and based on that it rewards the user if a specific pattern is observed. How I can secure the application against the user itself who may try to hack the application to report the pattern I am looking for in order to get the reward?