Restrictions on mobile servers?


Restrictions on mobile servers?

J. Landman Gay via use-livecode
On the desktop, most OSes at least provide some means of requiring
explicit admin permission to allow an app to open a TCP port for listening.

What restrictions are imposed by iOS and Android for similar security?

In the Android settings for LC's Standalone Builder, does the "Internet"
permission cover both client and server roles?

That seems a bit broad to me, but in my brief searching this morning I
haven't yet turned up how each mobile OS restricts apps from allowing
connections from the open Internet.

Any guidance on this would be appreciated.

TIA -

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

RE: Restrictions on mobile servers?

J. Landman Gay via use-livecode
The only restriction I know of is on iOS. iOS does not allow unencrypted
http connections unless you tick the "Disable ATS" in the standalone
settings. I know this applies to URLs using the browser control and "put/get
url" in scripts but don't know if it also applies to sockets.

If the mobile app was to be the server side of sockets how would you connect
to it? What would be the URL?
 
Ralph DiMola
IT Director
Evergreen Information Services
[hidden email]

-----Original Message-----
From: use-livecode [mailto:[hidden email]] On Behalf
Of Richard Gaskin via use-livecode
Sent: Thursday, July 20, 2017 1:00 PM
To: How to use LiveCode
Cc: Richard Gaskin
Subject: Restrictions on mobile servers?

On the desktop, most OSes at least provide some means of requiring explicit
admin permission to allow an app to open a TCP port for listening.

What restrictions are imposed by iOS and Android for similar security?

In the Android settings for LC's Standalone Builder, does the "Internet"
permission cover both client and server roles?

That seems a bit broad to me, but in my brief searching this morning I
haven't yet turned up how each mobile OS restricts apps from allowing
connections from the open Internet.

Any guidance on this would be appreciated.

TIA -

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
On 7/20/17 11:59 AM, Richard Gaskin via use-livecode wrote:
> On the desktop, most OSes at least provide some means of requiring
> explicit admin permission to allow an app to open a TCP port for listening.
>
> What restrictions are imposed by iOS and Android for similar security?

On Android, the user must agree to Internet and all other permissions
stated in the manifest before download begins if the app is in the Play
Store. In newer versions of Android the user has the ability to turn off
any permission at any time from within the OS settings.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Ralph DiMola wrote:

 > Richard wrote:
 >> On the desktop, most OSes at least provide some means of requiring
 >> explicit admin permission to allow an app to open a TCP port for
 >> listening.
 >>
 >> What restrictions are imposed by iOS and Android for similar
 >> security?
 >
 > The only restriction I know of is on iOS. iOS does not allow
 > unencrypted http connections unless you tick the "Disable ATS"
 > in the standalone settings. I know this applies to URLs using
 > the browser control and "put/get url" in scripts but don't know
 > if it also applies to sockets.
 >
 > If the mobile app was to be the server side of sockets how would
 > you connect to it? What would be the URL?

Thanks for the input, Ralph.

I've been pondering P2P-vs-client-server for years, and this morning was
prompted to learn the implications of attempting P2P on mobile from this
forum thread:
<http://forums.livecode.com/viewtopic.php?f=11&t=27058>

The user there is proposing a dynamic DNS solution, where each mobile
device posts its current IP address through a domain-based intermediary.

As popular as DynDNS services are for certain applications, they only
solve part of the problem.

The biggest challenges (on the desktop at least) involve the complexity
required of the user to configure port-forwarding in their router's NAS,
and the (hopefully) complete inability to do that in any business
environment.  Coupled with an ever-greater awareness of security risks
at the OS level, deploying TCP listeners in consumer apps seems dodgy at
best.

Indeed, many P2P services, like one of the world's most popular, Skype,
make use of client-server as a fallback. Last I heard most of Skype's
traffic was using that fallback.

So while I'm disinclined to recommend P2P for anything outside of
subnets on the desktop, I have to admit ignorance of the implications of
attempting it on mobile OSes.

I would imagine security would be even stronger, but perhaps mobile OS
vendors provide clever ways to mitigate the risks.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
J. Landman Gay wrote:

 > On 7/20/17 11:59 AM, Richard Gaskin via use-livecode wrote:
 >> On the desktop, most OSes at least provide some means of requiring
 >> explicit admin permission to allow an app to open a TCP port for
 >> listening.
 >>
 >> What restrictions are imposed by iOS and Android for similar
 >> security?
 >
 > On Android, the user must agree to Internet and all other permissions
 > stated in the manifest before download begins if the app is in the
 > Play Store. In newer versions of Android the user has the ability to
 > turn off any permission at any time from within the OS settings.

So that one setting applies to both client and server roles, the ability
to send requests to servers and also to expose the device to probing
from the open Internet?

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Richard:

I've been working with VOIP applications and there are some systems
that have free methods for finding each other.

Check out the Linphone SIP service  (and Linphone itself is pretty cool)

Open Source of course. They use the new stuff in the Opera, Firefox and
Chrome browsers using the Opus codec.

sqb

--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org

On Thu, Jul 20, 2017 at 11:23 AM, Richard Gaskin via use-livecode <
[hidden email]> wrote:

> Ralph DiMola wrote:
>
> > Richard wrote:
> >> On the desktop, most OSes at least provide some means of requiring
> >> explicit admin permission to allow an app to open a TCP port for
> >> listening.
> >>
> >> What restrictions are imposed by iOS and Android for similar
> >> security?
> >
> > The only restriction I know of is on iOS. iOS does not allow
> > unencrypted http connections unless you tick the "Disable ATS"
> > in the standalone settings. I know this applies to URLs using
> > the browser control and "put/get url" in scripts but don't know
> > if it also applies to sockets.
> >
> > If the mobile app was to be the server side of sockets how would
> > you connect to it? What would be the URL?
>
> Thanks for the input, Ralph.
>
> I've been pondering P2P-vs-client-server for years, and this morning was
> prompted to learn the implications of attempting P2P on mobile from this
> forum thread:
> <http://forums.livecode.com/viewtopic.php?f=11&t=27058>
>
> The user there is proposing a dynamic DNS solution, where each mobile
> device posts its current IP address through a domain-based intermediary.
>
> As popular as DynDNS services are for certain applications, they only
> solve part of the problem.
>
> The biggest challenges (on the desktop at least) involve the complexity
> required of the user to configure port-forwarding in their router's NAS,
> and the (hopefully) complete inability to do that in any business
> environment.  Coupled with an ever-greater awareness of security risks at
> the OS level, deploying TCP listeners in consumer apps seems dodgy at best.
>
> Indeed, many P2P services, like one of the world's most popular, Skype,
> make use of client-server as a fallback. Last I heard most of Skype's
> traffic was using that fallback.
>
> So while I'm disinclined to recommend P2P for anything outside of subnets
> on the desktop, I have to admit ignorance of the implications of attempting
> it on mobile OSes.
>
> I would imagine security would be even stronger, but perhaps mobile OS
> vendors provide clever ways to mitigate the risks.
>
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web
>  ____________________________________________________________________
>  [hidden email]                http://www.FourthWorld.com
>

Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Stephen Barncard wrote:

 > Richard:
 >
 > I've been working with VOIP applications and there are some
 > systems that have free methods for finding each other.
 >
 > Check out the Linphone SIP service  (and Linphone itself is pretty
 > cool)

Thanks.  Isn't Linphone client-server, as opposed to direct P2P?

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
I'm pretty sure SIP servers just make introductions to two clients
running on devices and get out of the way. A way to keep your IP out of it.
Also they use UDP packets - MUCH less latency - and do error correction
(reconstruction?) without re-requesting as HTTP based clients do.

The 'stuff' to do this has recently been added to the named browsers.
All the code is there.

--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org

On Thu, Jul 20, 2017 at 12:11 PM, Richard Gaskin via use-livecode <
[hidden email]> wrote:

> Stephen Barncard wrote:
>
> > Richard:
> >
> > I've been working with VOIP applications and there are some
> > systems that have free methods for finding each other.
> >
> > Check out the Linphone SIP service  (and Linphone itself is pretty
> > cool)
>
> Thanks.  Isn't Linphone client-server, as opposed to direct P2P?
>
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web
>  ____________________________________________________________________
>  [hidden email]                http://www.FourthWorld.com
>

Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
On 7/20/17 1:44 PM, Richard Gaskin via use-livecode wrote:

> J. Landman Gay wrote:
>
>  > On 7/20/17 11:59 AM, Richard Gaskin via use-livecode wrote:
>  >> On the desktop, most OSes at least provide some means of requiring
>  >> explicit admin permission to allow an app to open a TCP port for
>  >> listening.
>  >>
>  >> What restrictions are imposed by iOS and Android for similar
>  >> security?
>  >
>  > On Android, the user must agree to Internet and all other permissions
>  > stated in the manifest before download begins if the app is in the
>  > Play Store. In newer versions of Android the user has the ability to
>  > turn off any permission at any time from within the OS settings.
>
> So that one setting applies to both client and server roles, the ability
> to send requests to servers and also to expose the device to probing
> from the open Internet?
>

First off, I was wrong about how Android verifies permissions. It lists
all permissions assigned to the app in a dialog prior to installation,
so you can cancel or at least be aware of what you might want to turn
off later. The source of the apk is immaterial, the permissions
notification is part of the install process.

That said, the internet permission applies to any type of internet
communication. If it's turned off, the app can neither send nor receive
internet data; it's my understanding that the OS blocks the connection
from either side.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com


RE: Restrictions on mobile servers?

J. Landman Gay via use-livecode
I use a "STUN" server to get the ATA (SIP client) IP behind NAT. There are
public STUN servers or you can install an open source one on your own
server.

Ralph DiMola
IT Director
Evergreen Information Services
[hidden email]


-----Original Message-----
From: use-livecode [mailto:[hidden email]] On Behalf
Of Stephen Barncard via use-livecode
Sent: Thursday, July 20, 2017 4:13 PM
To: How to use LiveCode
Cc: Stephen Barncard
Subject: Re: Restrictions on mobile servers?

I'm pretty sure SIP servers just make introductions to two clients running
on devices and get out of the way. A way to keep your IP out of it.
Also they use UDP packets - MUCH less latency - and do error correction
(reconstruction?) without re-requesting as HTTP based clients do.

The 'stuff' to do this has recently been added to the named browsers.
All the code is there.

--
Stephen Barncard - Sebastopol Ca. USA -
mixstream.org

On Thu, Jul 20, 2017 at 12:11 PM, Richard Gaskin via use-livecode <
[hidden email]> wrote:

> Stephen Barncard wrote:
>
> > Richard:
> >
> > I've been working with VOIP applications and there are some
> > systems that have free methods for finding each other.
> >
> > Check out the Linphone SIP service  (and Linphone itself is pretty
> > cool)
>
> Thanks.  Isn't Linphone client-server, as opposed to direct P2P?
>
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web  
> ____________________________________________________________________
>  [hidden email]                http://www.FourthWorld.com
>
>

Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
A bit OT but entertaining, apparently one can use an iPhone as a server:

https://stackoverflow.com/questions/6804650/ios-devices-as-web-server

I see no point to this, but, you know, people just do things :)

Sent from my iPhone

> On Jul 20, 2017, at 4:33 PM, Ralph DiMola via use-livecode <[hidden email]> wrote:
>
> I use a "STUN" server to get the ATA (SIP client) IP behind NAT. There are
> public STUN servers or you can install an open source one on your own
> server.
>
> Ralph DiMola
> IT Director
> Evergreen Information Services
> [hidden email]
>
>
> -----Original Message-----
> From: use-livecode [mailto:[hidden email]] On Behalf
> Of Stephen Barncard via use-livecode
> Sent: Thursday, July 20, 2017 4:13 PM
> To: How to use LiveCode
> Cc: Stephen Barncard
> Subject: Re: Restrictions on mobile servers?
>
> I'm pretty sure SIP servers just make introductions to two clients running
> on devices and get out of the way. A way to keep your IP out of it.
> Also they use UDP packets - MUCH less latency - and do error correction
> (reconstruction?) without re-requesting as HTTP based clients do.
>
> The 'stuff' to do this has recently been added to the named browsers.
> All the code is there.
>
> --
> Stephen Barncard - Sebastopol Ca. USA -
> mixstream.org
>
> On Thu, Jul 20, 2017 at 12:11 PM, Richard Gaskin via use-livecode <
> [hidden email]> wrote:
>
>> Stephen Barncard wrote:
>>
>>> Richard:
>>>
>>> I've been working with VOIP applications and there are some
>>> systems that have free methods for finding each other.
>>>
>>> Check out the Linphone SIP service  (and Linphone itself is pretty
>>> cool)
>>
>> Thanks.  Isn't Linphone client-server, as opposed to direct P2P?
>>
>>
>> --
>> Richard Gaskin
>> Fourth World Systems
>> Software Design and Development for the Desktop, Mobile, and the Web  
>> ____________________________________________________________________
>> [hidden email]                http://www.FourthWorld.com
>>

Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Ralph DiMola wrote:

 > I use a "STUN" server to get the ATA (SIP client) IP behind NAT. There
 > are public STUN servers or you can install an open source one on your
 > own server.

Good reading, thanks.

But there's that word again, "server".

The forum user's request is for pure P2P communication between phones.
He's willing to use a third device as a server for sharing IP addresses,
but for reasons I haven't yet discerned prefers not to use a server for
actual comms, wants those phone-to-phone.


As a side note, the earlier suggestion that every app that's granted
permission to make outgoing requests also has privileges to open ports
for incoming connections kinda freaks me out.  Any suggestions for good
software on non-rooted phones for monitoring app network activity?

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com
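
The concern raised above, that one permission covers both outgoing requests and listening ports, can be checked by looking for listening sockets per app UID. This added example (not part of the original post) parses text in Linux `/proc/net/tcp` layout and reports app-owned listeners bound beyond loopback; it assumes IPv4 only, a little-endian device, Android's convention that installed apps get UIDs from 10000 upward, and a constructed sample table rather than one captured from a device.

```python
import ipaddress

TCP_LISTEN = "0A"               # value of the "st" column for a listening socket
ANDROID_FIRST_APP_UID = 10000   # assumption: installed apps get UIDs from 10000 up

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40111 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10187        0 40222 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:A2C4 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10187        0 40333 1 0000000000000000 20 4 30 10 -1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40444 1 0000000000000000 100 0 0 10 0
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the address as a host-order 32-bit word, so on a
    # little-endian device the bytes appear reversed; the port is plain hex.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def listening_sockets(proc_net_tcp_text):
    """Return one dict per socket in LISTEN state, with owner UID and bind scope."""
    rows = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue                                  # established/other states are not servers
        ip, port = decode_endpoint(cols[1])
        if ip.is_loopback:
            scope = "loopback only"
        elif ip.is_unspecified:
            scope = "all interfaces"
        else:
            scope = "single interface"
        rows.append({"uid": int(cols[7]), "ip": str(ip), "port": port, "scope": scope})
    return rows


def exposed_app_listeners(proc_net_tcp_text):
    """Listeners owned by app UIDs that accept connections from other hosts."""
    return [row for row in listening_sockets(proc_net_tcp_text)
            if row["uid"] >= ANDROID_FIRST_APP_UID and row["scope"] != "loopback only"]


if __name__ == "__main__":
    for row in exposed_app_listeners(SAMPLE):
        print("uid {uid} listens on {ip}:{port} ({scope})".format(**row))
```

Row 2 of the sample is an outgoing client connection from the same UID and is ignored, which is the distinction the thread is asking about: the same app can hold both kinds of socket.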


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Heh heh. No one saw the point to trying to run Windows on a Mac, or a Mac on an Intel chipset either. Until someone saw the point. :-)

Bob S


> On Jul 20, 2017, at 16:14 , Jonathan Lynch via use-livecode <[hidden email]> wrote:
>
> A bit OT but entertaining, apparently one can use an iPhone as a server:
>
> https://stackoverflow.com/questions/6804650/ios-devices-as-web-server
>
> I see no point to this, but, you know, people just do things :)
>
> Sent from my iPhone



Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
On 7/20/17 7:02 PM, Richard Gaskin via use-livecode wrote:
> As a side note, the earlier suggestion that every app that's granted
> permission to make outgoing requests also has privileges to open ports
> for incoming connections kinda freaks me out.

That's a broader interpretation than I intended. I believe (but am not
sure) that Android only allows solicited responses and blocks
unsolicited internet traffic. But I'd recommend doing some research
because I'm no authority on this stuff.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com


Re: Restrictions on mobile servers?

J. Landman Gay via use-livecode
Most plug and play firewalls do (and firewalling is what we are talking about here). I am not an Android or even an iOS developer, but isn't that up to the OS and not the app?

Bob S


> On Jul 21, 2017, at 13:57 , J. Landman Gay via use-livecode <[hidden email]> wrote:
>
> On 7/20/17 7:02 PM, Richard Gaskin via use-livecode wrote:
>> As a side note, the earlier suggestion that every app that's granted permission to make outgoing requests also has privileges to open ports for incoming connections kinda freaks me out.
>
> That's a broader interpretation than I intended. I believe (but am not sure) that Android only allows solicited responses and blocks unsolicited internet traffic. But I'd recommend doing some research because I'm no authority on this stuff.
>
> --
> Jacqueline Landman Gay         |     [hidden email]

